AZL-7277 CVE-2018-10393 affecting package libvorbis for versions less than 1.3.7-1

barknoisehybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read...