]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a23241c) | patch
libsndfile1: Fix CVE-2017-8362
authorJackie Huang <jackie.huang@windriver.com>
Thu, 17 Aug 2017 06:44:28 +0000 (14:44 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 11 Sep 2017 21:15:51 +0000 (22:15 +0100)
commiteec5e5ce04cfbd1e41e54be31afee72ecc9ec5dd
tree0a211187b54aeaa4ff0958b3642b78bea43c245atree | snapshot
parenta23241c1e10c706754c19d7f69fe7c6cbac3732ecommit | diff
libsndfile1: Fix CVE-2017-8362

Backport the patch to fix CVE-2017-8362:

The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (invalid read and
application crash) via a crafted audio file.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8362

(From OE-Core rev: 0c8da3f6f85962196f2ad54fffd839239f5c2274)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
with minor changes

Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-8362.patch [new file with mode: 0644] blob
meta/recipes-multimedia/libsndfile/libsndfile1_1.0.27.bb diff | blob | history
Mirror of the official openembedded-core repository