godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-02 21:48:20 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
52df4a211ce97bc978f3d60c86b85cb003c19b11
buildroot/package/libvorbis
History
Peter Korsgaard cc9282ae8c libvorbis: add upstream security fixes 
Fixes the following security issues:

CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184.

CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in mapping0.c, which
may lead to DoS when operating on a crafted audio file with
vorbis_analysis().

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-18 21:56:19 +01:00
..
0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch
Config.in
libvorbis.hash
libvorbis.mk