<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi libvorbis developers, <o:p></o:p></p>
<p class="MsoNormal"> I hope you all are well!<o:p></o:p></p>
<p class="MsoNormal"> Here at MathWorks we use libvorbis as part of our MATLAB audio I/O functionality, and our current version is your latest version 1.3.6. We’ve had the following libvorbis CVEs reported to us which appear to be fixed in your gitlab master
branch and which impact our customer workflows:<o:p></o:p></p>
<p class="MsoNormal"> CVE-2018-10392 (looks like it’s fixed via gitlab issue 2335)<o:p></o:p></p>
<p class="MsoNormal"> CVE-2018-10393 (looks like it’s fixed via gitlab issue 2334, but the link to its duplicate issue 2330 does not work so I’m not 100% sure if this is fixed)<o:p></o:p></p>
<p class="MsoNormal"> Can you please do a point release so that we can be security compliant for our MATLAB customers?<o:p></o:p></p>
<p class="MsoNormal"> Thank you!<o:p></o:p></p>
<p class="MsoNormal"> Ellen Johnson<o:p></o:p></p>
<p class="MsoNormal"> MATLAB Audio, Video, Image, and Scientific Data Formats<o:p></o:p></p>
<p class="MsoNormal"> MathWorks<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>