Debian Bug report logs -
#669196
libvorbisidec: multiple longstanding unfixed security issues in libvorbis
Package:
libvorbisidec;
Maintainer for libvorbisidec is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>;
Reported by: Michael Gilbert <mgilbert@debianorg>
Date: Wed, 18 Apr 2012 03:21:01 UTC
...
Synopsis
Important: libvorbis security update
Type/Severity
Security Advisory: Important
Topic
Updated libvorbis packages that fix one security issue are now availablefor Red Hat Enterprise Linux 4, 5, and 6The Red Hat Security Response Team has rated this update as havingimportant security impact A Commo ...
Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Topic
Updated firefox packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 4, 5, and 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common V ...
Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox The included XULRunner library provides rendering
services for several other applications included in Debian
CVE-2011-3670
Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,
resulting in potential information disclosure
CVE-2012-044 ...
Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:
CVE-2011-3670
Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,
resulting in potential information disclosure
CVE-2012-0442
Jesse Ruderman and Bob Clary discovered memory corruption bugs, which
may lead to the ex ...
It was discovered that a heap overflow in the Vorbis audio compression
library could lead to the execution of arbitrary code if a malformed
Ogg Vorbis file is processed
For the stable distribution (squeeze), this problem has been fixed in
version 131-1+squeeze1
For the unstable distribution (sid), this problem will be fixed soon
We recommend t ...
A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0444) ...
Mozilla Foundation Security Advisory 2012-07
Potential Memory Corruption When Decoding Ogg Vorbis files
Announced
January 31, 2012
Reporter
regenrecht
Impact
Critical
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
...
libvorbis could be made to crash or run programs as your login if it
opened a specially crafted file ...
Several security issues were fixed in Thunderbird ...
Several security issues were fixed in Firefox ...
Several security issues were fixed in Xulrunner ...
This update provides compatible ubufox and webfav packages for the latest
Firefox ...
This update provides compatible Mozvoikko packages for the latest Firefox ...
Several security issues were fixed in Thunderbird ...