diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-04-26 13:52:14 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-04-27 10:15:05 +0200 |
| commit | c363e070d8ee036052fbcadd153d8c39ce0db55b (patch) | |
| tree | a78c6a0b4996e77c2c70a45d80d363de0c282246 /package/python-django/python-django.hash | |
| parent | c3b548020404b5ca5b52d388d2a5bc9926db0b45 (diff) | |
| download | buildroot-c363e070d8ee036052fbcadd153d8c39ce0db55b.tar.gz buildroot-c363e070d8ee036052fbcadd153d8c39ce0db55b.zip | |
libsndfile: security bump to version 1.0.28
Fixes:
CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies. Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/python-django/python-django.hash')
0 files changed, 0 insertions, 0 deletions
