projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cc00bde) | patch
audiofile: add security patch for CVE-2017-6829
authorPeter Korsgaard <peter@korsgaard.com>
Thu, 30 Mar 2017 21:03:32 +0000 (23:03 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 31 Mar 2017 11:36:20 +0000 (13:36 +0200)
commit434890df2a7c131b40fec1c49e6239972ab299d2
treec029b67c50e027403d0922852531ff0076b14bfetree
parentcc00bde57fc20d11f8fa4e8ec5f193c091714c55commit | diff
audiofile: add security patch for CVE-2017-6829

The decodeSample function in IMA.cpp in Audio File Library (aka audiofile)
0.3.6 allows remote attackers to cause a denial of service (crash) via a
crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
https://github.com/mpruett/audiofile/issues/33

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/audiofile/0004-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch [new file with mode: 0644] blob