Subject: CVS commit: [pkgsrc-2017Q4] pkgsrc/audio/libvorbis
From: S.P.Zeidler
Date: 2018-03-16 22:37:30
Message id: 20180316213730.B866FFB40@cvs.NetBSD.org
Log Message:
Pullup ticket #5722 - requested by maya
audio/libvorbis: security update

Revisions pulled up:
- audio/libvorbis/Makefile                                      1.60
- audio/libvorbis/distinfo                                      1.26

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	maya
   Date:		Fri Mar 16 20:23:53 UTC 2018

   Modified Files:
   	pkgsrc/audio/libvorbis: Makefile distinfo

   Log Message:
   libvorbis: update to 1.3.6. security fix.

   libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% \ 
fewer shells)"

   * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
   * Fix CVE-2017-14632 - free() on unitialized data
   * Fix CVE-2017-14633 - out-of-bounds read
   * Fix bitrate metadata parsing.
   * Fix out-of-bounds read in codebook parsing.
   * Fix residue vector size in Vorbis I spec.
   * Appveyor support
   * Travis CI support
   * Add secondary CMake build system.
   * Build system fixes

   To generate a diff of this commit:
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/audio/libvorbis/Makefile
   cvs rdiff -u -r1.25 -r1.26 pkgsrc/audio/libvorbis/distinfo
Files:
RevisionActionfile
1.59.6.1modifypkgsrc/audio/libvorbis/Makefile
1.25.20.1modifypkgsrc/audio/libvorbis/distinfo