libvorbis: add upstream security fixes - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2018-02-16 09:09:55 +0100
committer	Peter Korsgaard <peter@korsgaard.com>	2018-02-18 21:56:19 +0100
commit	cc9282ae8c346c0b46fb249008696f6e9bc35f2c (patch)
tree	68730d7714e619de6f848550abc10df7d0232d4a /docs/manual/adding-packages-python.txt
parent	f55ab4a08ff8e02575759d58a7972824e792e657 (diff)
download	buildroot-cc9282ae8c346c0b46fb249008696f6e9bc35f2c.tar.gz buildroot-cc9282ae8c346c0b46fb249008696f6e9bc35f2c.zip

libvorbis: add upstream security fixes

Fixes the following security issues: CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'docs/manual/adding-packages-python.txt')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: