libvorbis/libtremor OOB write

[Daniel Veditz <dveditz () mozilla com>]

libvorbis and libtremor can write out of bounds when processing
malformed Vorbis audio data.

libvorbis 1.3.6 fixes CVE-2018-5146
https://github.com/xiph/vorbis/releases/tag/v1.3.6

libtremor doesn't have numbered releases but CVE-2018-5147 is fixed in
the git repo at https://git.xiph.org/?p=tremor.git

-Dan Veditz