[Vorbis] Re: libvorbis 1.2.0 release
Robert Buchholz
rbu at gentoo.org
Sun Jul 29 09:13:53 PDT 2007
Ralph Giles <giles <at> xiph.org> writes:
> A new libvorbis release is now available.
>
> http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.bz2
> http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz
> http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.zip
>
> This release fixes some robustness issues with corrupt streams,
> including a security issue.
The correspoding CVEs are CVE-2007-4029 and CVE-2007-3106 [1].
Please consider mentioning security fixes in the ChangeLog or on
your website, especially for those users not following this
mailing list or their unix vendor's advisories.
Regards,
Robert
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
More information about the Vorbis
mailing list