diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-07-03 14:43:37 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-07-03 21:59:51 +0200 |
| commit | b3a0afd47f278ab5dea4f5cbe01da79a2e05ec8c (patch) | |
| tree | 085c12c52d7760321226ce358de979840ad064f5 /package/lua-stdlib | |
| parent | b9153ed9546ab00eb78c30899a62d3e868a7a778 (diff) | |
| download | buildroot-b3a0afd47f278ab5dea4f5cbe01da79a2e05ec8c.tar.gz buildroot-b3a0afd47f278ab5dea4f5cbe01da79a2e05ec8c.zip | |
mpg123: security bump to version 1.25.1
>From the release notes:
- Avoid memset(NULL, 0, 0) to calm down the paranoid.
- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
offset from the frame flag bytes (unnoticed in practice for a long time).
Fuzzers are in the house again. This one got CVE-2017-10683.
https://sourceforge.net/p/mpg123/bugs/252/
- Avoid a mostly harmless conditional jump depending on uninitialised
fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.
- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
never right in theory). Code might be a bit faster now, even. Thanks to
Agostino Sarubbo for reporting.
dlopen() is now directly used to load output modules (and the
--with-modules-suffix option has been removed), so adjust the modules logic
to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/lua-stdlib')
0 files changed, 0 insertions, 0 deletions
