projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bd5f84d) | patch
audiofile: add security patch for CVE-2017-6839
authorPeter Korsgaard <peter@korsgaard.com>
Thu, 30 Mar 2017 21:03:35 +0000 (23:03 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 31 Mar 2017 11:36:31 +0000 (13:36 +0200)
commit844a7c6281eb442881330a5d36d5a0719f2870bf
treec9a23d069655e824f9570c3fe2a2f70704fd7629tree
parentbd5f84d301c4e74ca200a9336eca88468ec0e1f3commit | diff
audiofile: add security patch for CVE-2017-6839

Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka
audiofile) 0.3.6 allows remote attackers to cause a denial of service
(crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
https://github.com/mpruett/audiofile/issues/41

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/audiofile/0007-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch [new file with mode: 0644] blob