mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-05 14:09:53 +03:00
ebe66c4ce6
Upstream libmad is dead since 2004 so switch to debian package to get
two patches that fix the following CVEs:
- CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to
cause a denial of service (assertion failure and application exit)
via a crafted audio file.
- CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted audio file.
- CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted
audio file.
Moreover:
- Remove third patch (replaced by optimize.diff debian patch)
- Remove fourth patch (same patch than
Provide-Thumb-2-alternative-code-for-MAD_F_MLN.diff)
- Remove fifth patch (same patch than libmad.thumb.diff)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 858df3643f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
7 lines
419 B
Plaintext
7 lines
419 B
Plaintext
# From http://snapshot.debian.org/archive/debian/20190310T213528Z/pool/main/libm/libmad/libmad_0.15.1b-10.dsc
|
|
sha256 bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690 libmad_0.15.1b.orig.tar.gz
|
|
sha256 dfeabd5d2398bf902660edc31f87ad40600f0aa732b946f864d8ee6bbf56a99c libmad_0.15.1b-10.diff.gz
|
|
|
|
# Hash for license file:
|
|
sha256 32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670 COPYING
|