<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/libsndfile/libsndfile.hash, branch 2017.08</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2017.08</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2017.08'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2017-04-27T08:15:05+00:00</updated>
<entry>
<title>libsndfile: security bump to version 1.0.28</title>
<updated>2017-04-27T08:15:05+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-04-26T11:52:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c363e070d8ee036052fbcadd153d8c39ce0db55b'/>
<id>urn:sha1:c363e070d8ee036052fbcadd153d8c39ce0db55b</id>
<content type='text'>
Fixes:

CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies.  Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/libsndfile: bump version to 1.0.27</title>
<updated>2016-07-07T09:48:50+00:00</updated>
<author>
<name>Bernd Kuhls</name>
<email>bernd.kuhls@t-online.de</email>
</author>
<published>2016-07-07T05:10:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=e7a82e9653c79dfe202881ec0304016e7582a6bf'/>
<id>urn:sha1:e7a82e9653c79dfe202881ec0304016e7582a6bf</id>
<content type='text'>
Signed-off-by: Bernd Kuhls &lt;bernd.kuhls@t-online.de&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libsndfile: security bump to version 1.0.26</title>
<updated>2015-12-15T20:36:02+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-12-15T17:44:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=860894e8d7bf8cf52c21a4603118696bb3976fdd'/>
<id>urn:sha1:860894e8d7bf8cf52c21a4603118696bb3976fdd</id>
<content type='text'>
Fixes:
CVE-2014-9496 - SD2 buffer read overflow.
CVE-2014-9756 - file_io.c divide by zero.
CVE-2015-7805 - AIIF heap write overflow.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libsndfile: add hash file</title>
<updated>2015-07-16T20:36:36+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-07-15T18:28:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=5d30841f86fbb722a863a42abef9b7e79b89d86f'/>
<id>urn:sha1:5d30841f86fbb722a863a42abef9b7e79b89d86f</id>
<content type='text'>
Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
</content>
</entry>
</feed>
