git.libre-soc.org Git - buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Tue, 4 Feb 2020 15:18:19 +0000 (16:18 +0100)
committer	Thomas Petazzoni <thomas.petazzoni@bootlin.com>
	Tue, 4 Feb 2020 22:12:59 +0000 (23:12 +0100)
commit	fd43037c8c447b6761250b6dcbd4b7dfaa4d4425
tree	22b8562a2a63d430919be45ff6b4180e0617ced7	tree
parent	45fbadb0b785de116b369fb1d413063126316c19	commit \| diff

package/vorbis-tools: add upstream security fixes for CVE-2014-96{38, 39, 40}

Fixes the following security vulnerabilities:

- CVE-2014-9638: oggenc in vorbis-tools 1.4.0 allows remote attackers to
  cause a denial of service (divide-by-zero error and crash) via a WAV file
  with the number of channels set to zero.

- CVE-2014-9639: Integer overflow in oggenc in vorbis-tools 1.4.0 allows
  remote attackers to cause a denial of service (crash) via a crafted number
  of channels in a WAV file, which triggers an out-of-bounds memory access.

- CVE-2014-9640: oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote
  attackers to cause a denial of service (out-of-bounds read) via a crafted
  raw file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/vorbis-tools/0002-oggenc-validate-count-of-channels-in-the-header-CVE-.patch	[new file with mode: 0644]	blob
package/vorbis-tools/0003-oggenc-fix-crash-on-raw-file-close-reported-by-Hanno.patch	[new file with mode: 0644]	blob