code.ossystems Code Review - openembedded-core.git/commit
libsndfile1: Fix CVE-2017-8361 and CVE-2017-8365
author Jackie Huang <jackie.huang@windriver.com>
Thu, 17 Aug 2017 06:44:27 +0000 (14:44 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 18 Aug 2017 11:35:57 +0000 (12:35 +0100)
commit d92877ade8fd4dd9b548c6b664bf4357a1f9428a
tree fa83faaac7541caf1422e6fcb313a5af5064f6ea
parent 28404157e07a915d1445166df566c8838f2cce57
libsndfile1: Fix CVE-2017-8361 and CVE-2017-8365

Backport the patch to fix two CVEs:

CVE-2017-8361:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (buffer overflow and
application crash) or possibly have unspecified other impact via a
crafted audio file.

CVE-2017-8365:
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote
attackers to cause a denial of service (buffer over-read and application
crash) via a crafted audio file.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8361
https://nvd.nist.gov/vuln/detail/CVE-2017-8365

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8361-8365.patch [new file with mode: 0644]
meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb