[Vorbis] Re: libvorbis 1.2.0 release

Robert Buchholz rbu at gentoo.org
Sun Jul 29 09:13:53 PDT 2007


Ralph Giles <giles <at> xiph.org> writes:
> A new libvorbis release is now available.
> 
> http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.bz2
> http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz
> http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.zip
> 
> This release fixes some robustness issues with corrupt streams, 
> including a security issue.

The correspoding CVEs are CVE-2007-4029 and CVE-2007-3106 [1].

Please consider mentioning security fixes in the ChangeLog or on
your website, especially for those users not following this
mailing list or their unix vendor's advisories.

Regards,

Robert

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106



More information about the Vorbis mailing list