[Buildroot] [PATCH] libvorbis: add upstream security fixes

Peter Korsgaard peter at korsgaard.com
Tue Apr 10 20:46:13 UTC 2018


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2017-14632: Libvorbis 1.3.5 allows Remote Code Execution upon freeing
 > uninitialized memory in the function vorbis_analysis_headerout() in info.c
 > when vi->channels<=0, a similar issue to Mozilla bug 550184.

 > CVE-2017-14633: In libvorbis 1.3.5, an out-of-bounds array read
 > vulnerability exists in the function mapping0_forward() in mapping0.c, which
 > may lead to DoS when operating on a crafted audio file with
 > vorbis_analysis().

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard

