CVE-2018-5146

Priority
Medium
Description
out-of-bound write while processing Vorbis audio
References
Bugs
Notes
 tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine
Package
Upstream:released (52.7.2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (59.0.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (59.0.1+build1-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (59.0.1+build1-0ubuntu0.16.04.1)
Ubuntu 17.10 (Artful Aardvark):released (59.0.1+build1-0ubuntu0.17.10.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Package
Upstream:released (52.7.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1:52.7.0+build1-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:52.7.0+build1-0ubuntu0.16.04.1)
Ubuntu 17.10 (Artful Aardvark):released (1:52.7.0+build1-0ubuntu0.17.10.1)
Ubuntu 18.04 LTS (Bionic Beaver):needed
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.3.2-1.3ubuntu1.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.3.5-3ubuntu0.2)
Ubuntu 17.10 (Artful Aardvark):released (1.3.5-4ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.3.5-4.2)
Patches:
Upstream:https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
More Information

Updated: 2018-03-29 16:14:23 UTC (commit 14457)