projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b71a4e2) | patch
libvorbis: security bump to version 1.3.6
authorPeter Korsgaard <peter@korsgaard.com>
Fri, 16 Mar 2018 21:35:29 +0000 (22:35 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Sat, 17 Mar 2018 10:43:01 +0000 (11:43 +0100)
commiteca03d677448000f9c5387e8359c116508e03f79
treeb20a81213877721106130b9840c85671b1ecc9d7tree
parentb71a4e2067996beb102aaef6af6f14356c95be8fcommit | diff
libvorbis: security bump to version 1.3.6

Fixes CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.

Drop 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch and
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch as they are
now upstream, and add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libvorbis/0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch [deleted file] blob | history
package/libvorbis/0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch [deleted file] blob | history
package/libvorbis/libvorbis.hash diff | blob | history
package/libvorbis/libvorbis.mk diff | blob | history