diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-10-22 13:15:08 +0200 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2017-10-22 14:04:44 +0200 |
| commit | 7e3583dd558925a447eaa4367d659f39482fbbc0 (patch) | |
| tree | 039dbc8b17b8e43fe5f5feeb8a51aae1abb8030d /package/python-backports-shutil-get-terminal-size/python-backports-shutil-get-terminal-size.mk | |
| parent | 1dd543b4ae12aa161ac0558555c9f03e82ceffb6 (diff) | |
| download | buildroot-7e3583dd558925a447eaa4367d659f39482fbbc0.tar.gz buildroot-7e3583dd558925a447eaa4367d659f39482fbbc0.zip | |
lame: security bump to version 3.100
Fixes the following security issues:
CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based
buffer over-read and ap
CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid
memory read and application crash
CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid
memory read and application crash
Drop patches now upstream or no longer needed:
0001-configure.patch: Upstream as mentioned in patch description
0002-gtk1-ac-directives.patch: Upstream as mentioned in patch
description/release notes:
Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
This was transplanted back from aclocal.m4 with a patch provided by Andres
Mejia. This change makes it easy to regenerate autotools' files with a simple
invocation of autoconf -vfi.
0003-msse.patch: Not needed as -march <x86-variant-with-msse-support>
nowadays implies -msse.
With these removed, autoreconf is no longer needed.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/python-backports-shutil-get-terminal-size/python-backports-shutil-get-terminal-size.mk')
0 files changed, 0 insertions, 0 deletions
