projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3321eef) | patch
package/libvorbis: annote CVE-2018-10393
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 1 Mar 2020 18:02:26 +0000 (19:02 +0100)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sun, 1 Mar 2020 18:13:45 +0000 (19:13 +0100)
commite21730db5c2d4ac305f3d944cad359623a31d638
tree1c1bc7273a47d53704c656d3242acb321a594de3tree
parent3321eef6f28339df1c72ac4e1af937b391084501commit | diff
package/libvorbis: annote CVE-2018-10393

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a
stack-based buffer over-read.

Same patch as for CVE-2017-14160

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - update 0001-*.patch to also reference CVE-2018-10393
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/libvorbis/0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch diff | blob | history
package/libvorbis/libvorbis.mk diff | blob | history