projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 105004f) | patch
package/libass: security bump to version 0.15
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Thu, 29 Oct 2020 13:24:29 +0000 (14:24 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 2 Nov 2020 21:06:17 +0000 (22:06 +0100)
commit4ae8ecea8fb042931cebf8f8d4cb4bc891073a77
tree6d0e1b96e753ee356e4661203da77675dca101c5tree
parent105004f72acb56e86a778deb9c33eced3173db14commit | diff
package/libass: security bump to version 0.15

- harfbuzz is mandatory since
  https://github.com/libass/libass/commit/f3e2c97e1818598afb0b1c7010003ffe4823ff21
- Fix CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s
  call to `outline_stroke` causes a signed integer overflow.) through
  https://github.com/libass/libass/commit/676f9dc5b52ef406c5527bdadbcb947f11392929
  which does not apply cleanly over version 0.14.
  It should be noted that version 0.15 also fixes other integer
  overflows (which have no CVE assigned)
- Update indentation in hash file (two spaces)

https://github.com/libass/libass/releases/tag/0.15.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/gstreamer1/gst1-plugins-bad/Config.in diff | blob | history
package/harfbuzz/Config.in diff | blob | history
package/kodi/Config.in diff | blob | history
package/libass/Config.in diff | blob | history
package/libass/libass.hash diff | blob | history
package/libass/libass.mk diff | blob | history