Commit Graph

6 Commits

Author SHA1 Message Date
Jackie Huang
3577a8277e libsndfile1: Fix CVE-2017-8363
Backport the patch to fix CVE-2017-8363:

The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted audio file.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8363

(From OE-Core rev: 9cc9956c5ed09f9016cb23bd763652e5ab55f3cd)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-08-18 23:46:38 +01:00
Jackie Huang
0bead40423 libsndfile1: Fix CVE-2017-8362
Backport the patch to fix CVE-2017-8362:

The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (invalid read and
application crash) via a crafted audio file.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8362

(From OE-Core rev: 0c8da3f6f85962196f2ad54fffd839239f5c2274)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-08-18 23:46:38 +01:00
Jackie Huang
768cd2beff libsndfile1: Fix CVE-2017-8361 and CVE-2017-8365
Backport the patch to fix two CVEs:

CVE-2017-8361:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (buffer overflow and
application crash) or possibly have unspecified other impact via a
crafted audio file.

CVE-2017-8365:
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote
attackers to cause a denial of service (buffer over-read and application
crash) via a crafted audio file.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-8361
https://nvd.nist.gov/vuln/detail/CVE-2017-8365

(From OE-Core rev: d92877ade8fd4dd9b548c6b664bf4357a1f9428a)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-08-18 23:46:37 +01:00
Fan Xin
d5e18f4a1a libsndfile1: Fix CVE-2017-6892
Backport upstream patch to fix CVE-2017-6892.

CVE: CVE-2017-6892

(From OE-Core rev: cc9b8d0afe64b83f585843f3aff1c077f69fd656)

Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-28 15:52:18 +01:00
Dongxiao Xu
60cf46671e libsndfile1: upgrade to version 1.0.24
(From OE-Core rev: 71794b266e3fcd9661f57a4ba70abc87e74b7326)

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-04-28 10:44:29 +01:00
Saul Wold
041fc758e2 libsndfile: Upgrade to 1.0.23
Renamed and moved to recipes-multimedia

Signed-off-by: Saul Wold <Saul.Wold@intel.com>
2010-11-18 13:30:24 -08:00