nixpkgs/pkgs
Andreas Rammhold 879ffc06fe
libvorbis: 1.3.5 -> 1.3.6
This update includes the removed patches (CVE-2017-14632,
CVE-2017-14633) and additionally fixes CVE-2018-5146 [1].

The changelog:

libvorbis 1.3.6 (2018-03-16) -- "Xiph.Org libVorbis I 20180316 (Now 100% fewer shells)"

* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
* Fix bitrate metadata parsing.
* Fix out-of-bounds read in codebook parsing.
* Fix residue vector size in Vorbis I spec.
* Appveyor support
* Travis CI support
* Add secondary CMake build system.
* Build system fixes

[1] http://seclists.org/oss-sec/2018/q1/243
2018-03-17 19:17:56 +01:00
..
applications Merge pull request #37105 from Ekleog/st-0.8 2018-03-17 15:59:22 +01:00
build-support Merge commit '3ab2949' from staging into master 2018-03-15 22:30:56 +02:00
common-updater common-updater: support updating source URL 2018-03-16 23:17:07 +09:00
data Merge pull request #37158 from oxij/pkgs/tor-browsers 2018-03-16 18:06:50 +00:00
desktops evince: 3.26.0 -> 3.28.0 2018-03-14 02:49:40 -07:00
development libvorbis: 1.3.5 -> 1.3.6 2018-03-17 19:17:56 +01:00
games anki: 2.0.47 -> 2.0.50 2018-03-17 03:52:36 -05:00
misc cups-filters: 1.20.0 -> 1.20.1 2018-03-16 06:10:55 -07:00
os-specific Merge pull request #37100 from abbradar/nvidiabl 2018-03-16 16:45:15 +03:00
servers Merge pull request #37076 from ryantm/auto-update/pgbouncer 2018-03-17 13:50:34 +01:00
shells Merge remote-tracking branch 'upstream/master' into staging 2018-03-13 23:04:18 +02:00
stdenv Merge branch 'master' into staging 2018-03-10 20:38:13 +00:00
test
tools Merge pull request #37227 from ryantm/auto-update/most 2018-03-17 14:13:43 +00:00
top-level far2l: fix clang build 2018-03-17 18:48:20 +01:00