update for libvorbis
Specially crafted ogg files could cause a heap-based
buffer overflow in the vorbis audio compression library that could
potentially be exploited by attackers to cause a crash or execute
arbitrary code
- Submitted by Takashi Iwai (tiwai)
Fixed bugs
bnc#747912
VUL-0: CVE-2012-0444: libvorbis: heap-based buffer overflow
CVE-CVE-2012-0444
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruptio