From giles at thaumas.net Sat Jul 4 19:09:37 2020 From: giles at thaumas.net (Ralph Giles) Date: Sat, 04 Jul 2020 12:09:37 -0700 Subject: [Vorbis] vorbis 1.3.7 release Message-ID: <70c9bab6bd232dc2887719ec248463924be6a1dd.camel@thaumas.net> I've pleased to announce the release of libvorbis 1.3.7. The libvorbis package is the reference implementation for the Vorbis lossy audio codec, the underlying techology of the ogg file format. This new release fixes a number of issues, including potential crashes. We recommend all users upgrade. Source packages are available from the download site and mirrors: https://downloads.xiph.org/releases/vorbis/libvorbis-1.3.7.tar.xz https://downloads.xiph.org/releases/vorbis/libvorbis-1.3.7.tar.gz https://downloads.xiph.org/releases/vorbis/libvorbis-1.3.7.zip Changes since the previous 1.3.6 release: - Fix CVE-2018-10393 and CVE-2017-14160 out-of-bounds read encoding very low sample rates. - Fix handling invalid bytes per sample arguments. - Fix handling invalid channel count arguments. - Fix invalid free on seek failure. - Fix negative shift reading blocksize. - Fix accepting unreasonable float32 values. - Fix tag comparison depending on locale. - Fix unnecessarily linking libm. - Fix memory leak in test_sharedbook. - Update Visual Studio projects for ogg library filename change. - Distribute CMake build files with the source package. - Remove unnecessary configure --target switch. - Add gitlab CI support. - Add OSS-Fuzz support. - Build system and integration updates. The encoder signature is updated, and now reads: Xiph.Org libVorbis I 20200704 (Reducing Environment) Source package SHA-256 checksums: b33cc4934322bcbf6efcbacf49e3ca01aadbea4114ec9589d1b1e9d20f72954b libvo rbis-1.3.7.tar.xz 0e982409a9c3fc82ee06e08205b1355e5c6aa4c36bca58146ef399621b0ce5ab libvo rbis-1.3.7.tar.gz 57c8bc92d2741934b8dc939af49c2639edc44b8879cba2ec14ad3189e2814582 libvo rbis-1.3.7.zip Thanks to everyone who contributed! Ralph Giles Xiph.Org Foundation for Open Multimedia -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 858 bytes Desc: This is a digitally signed message part URL: