[Vorbis-dev] libvorbis release for recent CVE fixes?
Ellen Johnson
ellenj at mathworks.com
Tue May 26 21:47:48 UTC 2020
Hi libvorbis developers,
I hope you all are well!
Here at MathWorks we use libvorbis as part of our MATLAB audio I/O functionality, and our current version is your latest version 1.3.6. We've had the following libvorbis CVEs reported to us which appear to be fixed in your gitlab master branch and which impact our customer workflows:
CVE-2018-10392 (looks like it's fixed via gitlab issue 2335)
CVE-2018-10393 (looks like it's fixed via gitlab issue 2334, but the link to its duplicate issue 2330 does not work so I'm not 100% sure if this is fixed)
Can you please do a point release so that we can be security compliant for our MATLAB customers?
Thank you!
Ellen Johnson
MATLAB Audio, Video, Image, and Scientific Data Formats
MathWorks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/vorbis-dev/attachments/20200526/0621991d/attachment.html>
More information about the Vorbis-dev
mailing list