code.ossystems Code Review - openembedded-core.git/commit
libsndfile1: Fix CVE-2017-8363
author Jackie Huang <jackie.huang@windriver.com>
Thu, 17 Aug 2017 06:44:29 +0000 (14:44 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 18 Aug 2017 11:35:57 +0000 (12:35 +0100)
commit 9cc9956c5ed09f9016cb23bd763652e5ab55f3cd
tree e37dbab7b2619d1cad63cd6345c30cd89af626ad
parent 0c8da3f6f85962196f2ad54fffd839239f5c2274
libsndfile1: Fix CVE-2017-8363

Backport the patch to fix CVE-2017-8363:

The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted audio file.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8363

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8363.patch [new file with mode: 0644]
meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb