similar to: can we help with libvorbis release for CVE fixes?

Displaying 20 results from an estimated 8000 matches similar to: "can we help with libvorbis release for CVE fixes?"

2020 Jun 12
4
can we help with libvorbis release for CVE fixes?
Hi Ralph, Thank you for your reply! For context -- we consider reported CVEs as bugs even if it's in a third-party library we use (such as libvorbis). We first determine if the CVE is something that would impact our customer workflows. In this case because of our use of libvorbis for audio I/O, it does impact our customers so we need to resolve the CVE as soon as possible. In the
2020 Jun 30
2
can we help with libvorbis release for CVE fixes?
Yes, the gitlab instance is the correct upstream development repository. We maintain a mirror at github for the convenience of developers there. Cheers, Ralph On Mon, 2020-06-29 at 21:27 +0000, Ellen Johnson wrote: > Hi Ralph and libvorbis developers, > I thought the vorbis gitlab project was the main development site ( > https://gitlab.xiph.org/xiph/vorbis) because that's what
2020 Jul 07
2
new 1.3.7 and fix for CVE-2018-10392 (issue 2335)?
Hi Ralph, Again, thanks so much for doing all this! Plus thanks to all the folks who contributed to the new release! Quick clarifying question -- Isn't CVE-2018-10392 (looks like it’s fixed in https://gitlab.xiph.org/xiph/vorbis/-/issues/2335) also included in new version 1.3.7? If so can you please add it to release notes? (I asked the same question in
2020 Jun 29
0
can we help with libvorbis release for CVE fixes?
Hi Ralph and libvorbis developers, I thought the vorbis gitlab project was the main development site (https://gitlab.xiph.org/xiph/vorbis) because that's what the NVD CVE tracker points to for the two CVEs I mentioned. But I just realized there's also a vorbis github project (https://github.com/xiph/vorbis). Both appear to have recent activity. Is the gitlab project the correct one
2020 Jul 04
0
can we help with libvorbis release for CVE fixes?
Ok, I wasn't able to track down the original steps to reproduce this issue,s but we believe CVE-2018-10393 is a dupiicate of CVE-2017-14160, both fixed by commit 018ca26dece6. Because of the confusion, I added additional bounds checks to the bark_noise_hybridmp function, which make it clear to local analysis that no for bugs in this class are possible. This change is in commit a9eb99a5bd6f.
2020 Jun 10
0
can we help with libvorbis release for CVE fixes?
Hi Ellen, Thanks for your kind offer to help the release along. We have indeed been having trouble finding resources for that. You can certainly help by testing the git master branch with your software and reporting any issues you find. Otherwise, triaging outstanding bug reports and patches is always helpful, although that's not essential for a security-based release. I'll try to find
2018 Mar 16
1
libvorbis 1.3.6 - critical security update
libvorbis 1.3.6 has been released. This release fixes several vulnerabilities, including CVE-2018-5146, that could allow code execution from a specially crafted Ogg Vorbis file. * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in
2018 Mar 16
1
libvorbis 1.3.6 - critical security update
libvorbis 1.3.6 has been released. This release fixes several vulnerabilities, including CVE-2018-5146, that could allow code execution from a specially crafted Ogg Vorbis file. * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in
2007 Jul 26
2
libvorbis 1.2.0 release
A new libvorbis release is now available. http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.bz2 http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.zip This release fixes some robustness issues with corrupt streams, including a security issue. Also new in this release is support for multiplexed streams in
2016 Apr 21
3
Cannot Run On The Command Line
On Wed, 20 Apr 2016 20:50:57 +0000 "Ellen K" <keyes at pushyes.xyz> wrote: > From: "Ellen K" <keyes at pushyes.xyz> > To: cireyapmin at gmail.com > Subject: RE: [R-sig-Fedora] Cannot Run On The Command Line > Date: Wed, 20 Apr 2016 20:50:57 +0000 > X-Mailer: iPad Mail (12H143) > > Hi virgo, > > Thank you for your interest in the
2003 Dec 10
4
Scatterplot axes
Please, could someone help me figure out what seems to be a very simple problem (and is still taking me hours...). I want to draw a simple scatterplot but with 'equal' axes, i.e. I want both axes to go from -3 to 3. Values for x lie between -2 and 0.5, values for y between -2.2 and 3. I have tried 'usr' and 'eqscplot' and a few other options, but it doesn't give me the
2017 Dec 19
2
Fwd: httpd24 Package Question
Hello everybody I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but I do not see it as being available on the mirror.centos.org site. I see a git commit for this package in April and was wondering how long it takes an rpm to become available once the commit has been completed. Also, I don't see the following CVEs addressed in any httpd24 changelogs and wanted to know
2009 Dec 07
2
Are there free R webinar recordings somewhere ?
Hi all, A friend just sent me this: http://www.mathworks.com/company/events/webinars/index.html?id=&language=en <http://www.mathworks.com/company/events/webinars/index.html?id=&language=en>And asked me if there is something of the like in the R community. Does anyone know of such a think ? Cheers, Tal ----------------Contact
2008 Dec 03
1
libvorbis 1.2.2 RC1
Version 1.2.1 was skipped. This Release Candidate's package does NOT ship with documentation as, you may have read in another thread[1], there are problems in the building process. The final release will hopefully have this issue fixed. These are the new changes since the unreleased 1.2.1: * API calls for VENDOR and ENCODER * seek correctly in files bigger than 2 GB (Windows) * fix
2009 Mar 12
3
can I draw 3D plot like this using R?
hi, all I am looking at R package RGL to draw a colored mesh/surface plot like this one (from matlab). http://www.mathworks.com/access/helpdesk/help/techdoc/visualize/cbar.gif The key features I am looking for is surfaced with grid and color, but not the terrain-like gradient. but I didn't come even close to it after browsing through rgl help file. have anyone drawn something like this
2010 Oct 13
2
vertical kites in KiteChart (plotrix)
Dear everyone, I would like to create a kite chart in which I plot densities (width of the vertical kites) in relation to sediment depth (on reversed y-axis) for 6 different locations (Distances from seep site, on x-axis on top of the plot). The dataset I would like to use is: Distance_from_seep_site Sedimentdepth Density 1100 0 107.8 1100 1 264.6 1100 2 284.2
2010 Oct 22
2
R 2.12.0 does not open in Tinn-R 2.3.5.2
Dear R users, I tried opening the R console in Tinn-R, but this is not possible. I get the following message: C:\Program Files\R\R 2.12.0\bin\R-gui.exe The file above is not executable. Please, set it with 'Options/Main/R/Path/Gui' Does anyone know how to solve this? Thanks Ellen [[alternative HTML version deleted]]
2012 Aug 28
5
return first index for each unique value in a vector
I would like to efficiently find the first index of each unique value in a very large vector. For example, if I have a vector A<-c(9,2,9,5) I would like to return not only the unique values (2,5,9) but also their first indices (2,4,1). I tried using a for loop with which(A==unique(A)[i])[1] to find the first index of each unique value but it is very slow. What I am trying to do is easily
2008 Jul 25
2
Fit a 3-Dimensional Line to Data Points
Hi Experts, I am new to R, and was wondering how to do 3D linear regression in R. In other words, I need to Fit a 3-Dimensional Line to Data Points (input). I googled before posting this, and found that it is possible in Matlab and other commercial packages. For example, see the Matlab link:
2006 May 08
3
Non repetitive permutations/combinations of elements
Hello all, I am trying to create a matrix of 1s and -1s without any repetitions for a specified number of columns. e.g. 1s and -1s for 3 columns can be done uniquely in 2^3 ways. -1 -1 -1 -1 -1 1 -1 1 -1 -1 1 1 1 -1 -1 1 -1 1 1 1 -1 1 1 1 and for 4 columns in 2^4 ways and so on. I finally used the function combn([0 1],3) that I found at the following link