]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: b5fb3a7) | patch
taglib: Security fix CVE-2018-11439
authorYi Zhao <yi.zhao@windriver.com>
Fri, 7 Sep 2018 00:22:05 +0000 (08:22 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 27 Sep 2018 11:16:46 +0000 (12:16 +0100)
commit4b4c663fe048be7e7c39addb022a7ae471c743de
tree9a08093fb29a36d1e8a699922a3aa1e23dbdcbe2tree | snapshot
parentb5fb3a7c5c873747eaa028d588a22a1ca1956544commit | diff
taglib: Security fix CVE-2018-11439

CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in
oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause
information disclosure (heap-based buffer over-read) via a crafted audio
file.

References:
https://nvd.nist.gov/vuln/detail/CVE-2018-11439

Patch from:
https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278

(From OE-Core rev: a300c4917b6c22ef039158be7ae92055c35658d4)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-support/taglib/taglib/CVE-2018-11439.patch [new file with mode: 0644] blob
meta/recipes-support/taglib/taglib_1.11.1.bb diff | blob | history
Mirror of the official openembedded-core repository