Latest upstream release. Changelog: Fixes: CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit() CVE-2023-45680: Null pointer dereference in vorbis_deinit()

Source: Fedora 41: libxmp 2025-23e4aeeb91 Security Advisory Updates