[Buildroot] [PATCH] libmad: add security patch from debian
Peter Korsgaard
peter at korsgaard.com
Tue Jul 4 15:51:12 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes:
> CVE-2017-8372 - The mad_layer_III function in layer3.c in Underbit MAD
> libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a
> denial of service (assertion failure and application exit) via a crafted
> audio file.
> CVE-2017-8373 - The mad_layer_III function in layer3.c in Underbit MAD
> libmad 0.15.1b allows remote attackers to cause a denial of service
> (heap-based buffer overflow and application crash) or possibly have
> unspecified other impact via a crafted audio file.
> CVE-2017-8374 - The mad_bit_skip function in bit.c in Underbit MAD libmad
> 0.15.1b allows remote attackers to cause a denial of service (heap-based
> buffer over-read and application crash) via a crafted audio file.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x and 2017.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list