projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8c0ecc9) | patch
package/libvorbis: fix CVE-2018-10392
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 1 Mar 2020 18:02:25 +0000 (19:02 +0100)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sun, 1 Mar 2020 18:08:58 +0000 (19:08 +0100)
commit3321eef6f28339df1c72ac4e1af937b391084501
tree3e61026279f9784ec325a49d76bdb72e7ea77367tree
parent8c0ecc91b57f8f53b57b3646b61d0ff60a8054b7commit | diff
package/libvorbis: fix CVE-2018-10392

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not
validate the number of channels, which allows remote attackers to cause
a denial of service (heap-based buffer overflow or over-read) or
possibly have unspecified other impact via a crafted file.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/libvorbis/0002-Sanity-check-number-of-channels-in-setup.patch [new file with mode: 0644] blob
package/libvorbis/libvorbis.mk diff | blob | history