libvorbis 1.3.7 (2020-07-04) -- "Xiph.Org libVorbis I 20200704 (Reducing Environment)"
- Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates.
- Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
- Fix CVE-2018-10392 - out-of-bounds access encoding invalid channel count.
- Fix handling invalid bytes per sample arguments.
- Fix handling invalid channel count arguments.
- Fix invalid free on seek failure.
- Fix negative shift reading blocksize.
- Fix accepting unreasonable float32 values.
- Fix tag comparison depending on locale.
- Fix unnecessarily linking libm.
- Fix memory leak in test_sharedbook.
- Update Visual Studio projects for ogg library filename change.
- Distribute CMake build files with the source package.
- Remove unnecessary configure --target switch.
- Add gitlab CI support.
- Add OSS-Fuzz support.
- Build system and integration updates.
Source package checksums
b33cc4934322bcbf6efcbacf49e3ca01aadbea4114ec9589d1b1e9d20f72954b libvorbis-1.3.7.tar.xz
0e982409a9c3fc82ee06e08205b1355e5c6aa4c36bca58146ef399621b0ce5ab libvorbis-1.3.7.tar.gz
57c8bc92d2741934b8dc939af49c2639edc44b8879cba2ec14ad3189e2814582 libvorbis-1.3.7.zip