mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-08 02:09:48 +03:00
ce4ed2b3df
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a
stack-based buffer over-read.
Same patch as for CVE-2017-14160
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- update 0001-*.patch to also reference CVE-2018-10393
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e21730db5c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
23 lines
741 B
Makefile
23 lines
741 B
Makefile
################################################################################
|
|
#
|
|
# libvorbis
|
|
#
|
|
################################################################################
|
|
|
|
LIBVORBIS_VERSION = 1.3.6
|
|
LIBVORBIS_SOURCE = libvorbis-$(LIBVORBIS_VERSION).tar.xz
|
|
LIBVORBIS_SITE = http://downloads.xiph.org/releases/vorbis
|
|
LIBVORBIS_INSTALL_STAGING = YES
|
|
LIBVORBIS_CONF_OPTS = --disable-oggtest
|
|
LIBVORBIS_DEPENDENCIES = host-pkgconf libogg
|
|
LIBVORBIS_LICENSE = BSD-3-Clause
|
|
LIBVORBIS_LICENSE_FILES = COPYING
|
|
|
|
# 0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch
|
|
LIBVORBIS_IGNORE_CVES += CVE-2018-10393
|
|
|
|
# 0002-Sanity-check-number-of-channels-in-setup.patch
|
|
LIBVORBIS_IGNORE_CVES += CVE-2018-10392
|
|
|
|
$(eval $(autotools-package))
|