code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Tanu Kaskinen <tanuk@iki.fi>
	Sat, 31 Mar 2018 05:24:26 +0000 (08:24 +0300)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Thu, 5 Apr 2018 14:11:16 +0000 (15:11 +0100)
commit	a7f1fa651620b98c211459e80e5d9608ce8f1866
tree	2819a64909b9db257a85bc2d9131dfd02e19498c	tree \| snapshot
parent	c8ffc0a4456065479240de18e6080e90a7ee85c1	commit \| diff

libvorbis: CVE-2017-14633

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633

(From OE-Core rev: f398fb04549577922e6265c0969c6d6c35a11e7c)

Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch	[new file with mode: 0644]	blob
meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom