[Buildroot] [PATCH 1/2] package/wavpack: security bump to version 5.2.0
Peter Korsgaard
peter at korsgaard.com
Thu Dec 19 13:43:44 UTC 2019
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Switch to github to get latest version
> - Drop patches (already in version)
> - Fix CVE-2018-19840: The function WavpackPackInit in pack_utils.c in
> libwavpack.a in WavPack through 5.1.0 allows attackers to cause a
> denial-of-service (resource exhaustion caused by an infinite loop) via
> a crafted wav audio file because WavpackSetConfiguration64 mishandles
> a sample rate of zero.
> - Fix CVE-2018-19841: The function WavpackVerifySingleBlock in
> open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers
> to cause a denial-of-service (out-of-bounds read and application
> crash) via a crafted WavPack Lossless Audio file, as demonstrated by
> wvunpack.
> - Add hash for license file
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list