Updated vorbis-tools packages fix vulnerabilities
A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex files headers.
An attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code
with the privileges of the application calling the Speex library
(CVE-2008-1686).
The ogg123 application in vorbis-tools is similarly affected by
this issue.
The updated packages have been patched to correct this issue.