author Ralph Giles <giles@thaumas.net> 2020-07-16 10:23:10 -0700
committer Ralph Giles <giles@thaumas.net> 2020-07-20 08:58:39 -0700
commit dfc3df7b84ca2f4e71366f32d1126f521c116efa (patch)
tree c2ab2aaa3ead840a3275ba5fc86bc91e67db7ba7
parent 0657aee69dec8508a0011f47f3b69d7538e9d262 (diff)
download libvorbis-git-dfc3df7b84ca2f4e71366f32d1126f521c116efa.tar.gz
Reference CVE-2018-10392 in the release notes.
The fix for this issue was in the 1.3.7 release, but we didn't refer to the CVE number explicitly in the release notes. Do so now for the benefit of anyone auditing vulnerability fixes in the future.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
-rw-r--r-- CHANGES 1
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index c4a0addf..ba0c3ca0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,7 @@ libvorbis 1.3.7 (2020-07-04) -- "Xiph.Org libVorbis I 20200704 (Reducing Environ
* Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
+* Fix CVE-2018-10392 - out-of-bounds access encoding invalid channel count.
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
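Review bot: The new "Fix CVE-2018-10392 - out-of-bounds access encoding invalid channel count" entry sits two lines above the existing "Fix handling invalid channel count arguments" entry, and nothing in the list says whether the two describe the same change. Someone auditing the 1.3.7 notes cannot tell if the CVE is covered by that existing item or by a separate fix. Consider folding the CVE reference into the existing channel count line, or wording the two so they are clearly distinct. It would also help to name the commit that carried the fix, since the section heading keeps the 2020-07-04 release date while this line is added after the release.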