[Buildroot] [PATCH] package/mpg123: security bump to version 1.25.12

Peter Korsgaard peter at korsgaard.com
Mon Sep 2 11:47:23 UTC 2019

>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > From the release notes:
 > - Fix an out-of-bounds read of maximal two bytes for truncated RVA2 frames
 >   (oss-fuzz-bug 15975). The earlier fix around the same location needed
 >   one thought more. Actually, another though was needed, oss-fuzz-bug 16009
 >   documents the incomplete fix.

 > - Fix an invalid write of one zero byte for empty ID3v2 frames that demand
 >   de-unsyncing (oss-fuzz-bug 16050).

 > - Fix dynamic build with gcc -fsanitize=address (check for all dl functions
 >   before deciding that separate -ldl is not needed).

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.02.x and 2019.05.x, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list