code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Yi Zhao <yi.zhao@windriver.com>
	Fri, 7 Sep 2018 00:22:05 +0000 (08:22 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Fri, 7 Sep 2018 16:48:32 +0000 (17:48 +0100)
commit	a300c4917b6c22ef039158be7ae92055c35658d4
tree	05268fb726e130b5137e2f7025c20a80ae83b5ef	tree \| snapshot
parent	d2dc07ebc9e38a7936c942b7c89caa67b654c587	commit \| diff

taglib: Security fix CVE-2018-11439

CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in
oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause
information disclosure (heap-based buffer over-read) via a crafted audio
file.

References:
https://nvd.nist.gov/vuln/detail/CVE-2018-11439

Patch from:
https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-support/taglib/taglib/CVE-2018-11439.patch	[new file with mode: 0644]	blob
meta/recipes-support/taglib/taglib_1.11.1.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom