[Buildroot] [PATCH] package/mpg123: security bump to version 1.25.12
peter at korsgaard.com
Mon Sep 2 11:47:23 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> From the release notes:
> - Fix an out-of-bounds read of maximal two bytes for truncated RVA2 frames
> (oss-fuzz-bug 15975). The earlier fix around the same location needed
> one thought more. Actually, another though was needed, oss-fuzz-bug 16009
> documents the incomplete fix.
> - Fix an invalid write of one zero byte for empty ID3v2 frames that demand
> de-unsyncing (oss-fuzz-bug 16050).
> - Fix dynamic build with gcc -fsanitize=address (check for all dl functions
> before deciding that separate -ldl is not needed).
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x and 2019.05.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot