Opened 6 years ago

Closed 6 years ago

#10557 closed defect (fixed)


Reported by: ken@…
Owned by: ken@…
Priority: high
Milestone: 8.3
Component: BOOK
Version: SVN
Severity: normal
Keywords:


This was apparently announced on 16th March. It contains one security fix: CVE-2018-5146: An out-of-bounds memory write in libvorbis was reported through the Pwn2Own contest. (Also a similar flaw in libtremor, which is used in Android and ARM platforms.)

I'm not sure if this means we should just drop system vorbis from the 59.0 build, or whether we need 59.0.1.

Source is

Tinyurl gives me

Change History (3)

comment:1 by ken@…, 6 years ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

comment:2 by ken@…, 6 years ago

I'm obviously behind the times - system vorbis and system theora are not mentioned in the build, and not linked by which is the "master" library that pulls in lots of system and firefox libs. So, we do need this.

comment:3 by ken@…, 6 years ago

Resolution: fixed
Status: assigned → closed

Fixed, r19973.
