Commits
Peter Korsgaard committed 9f5ffe80128
libvorbis: add upstream security fixes Fixes the following security issues: CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit cc9282ae8c346c0b46fb249008696f6e9bc35f2c) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>