author | Ross Burton <ross.burton@intel.com> | 2019-03-05 16:29:59 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-03-05 22:42:58 +0000 |
commit | a5625df8031985e9c60c34068a4a01c36da40eec (patch) | |
tree | c81ec89fed5453a5e07d3243e893224b79169bfb /meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch | |
parent | 713f44e0e0cde9b818c214002fd8b730d422fafa (diff) | |
download | openembedded-core-contrib-a5625df8031985e9c60c34068a4a01c36da40eec.tar.gz |
libsndfile1: update security patches
Remove CVE-2017-14245-14246.patch, fix rejected upstream as it doesn't solve the
underlying issue.
Instead 0001-a-ulaw-fix-multiple-buffer-overflows-432 also solves CVE-2017-14245
and CVE-2017-14246 properly.
Add patches for CVE-2017-12562 and CVE-2018-19758.
Refresh CVE-2018-13139.patch.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch')
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch index 4ae3674df1..707373d414 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch @@ -1,23 +1,25 @@ -From 5473aeef7875e54bd0f786fbdd259a35aaee875c Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Wed, 10 Oct 2018 08:59:30 +0800 -Subject: [PATCH] libsndfile1: patch for CVE-2018-13139 +CVE: CVE-2018-13139 +Upstream-Status: Backport [9dc989eb89cd697e19897afa616d6ab0debe4822] +Signed-off-by: Ross Burton <ross.burton@intel.com> -Upstream-Status: Backport [https://github.com/bwarden/libsndfile/ -commit/df18323c622b54221ee7ace74b177cdcccc152d7] +From 9dc989eb89cd697e19897afa616d6ab0debe4822 Mon Sep 17 00:00:00 2001 +From: "Brett T. Warden" <brett.t.warden@intel.com> +Date: Tue, 28 Aug 2018 12:01:17 -0700 +Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave -CVE: CVE-2018-13139 +Allocated buffer has space for only 16 channels. Verify that input file +meets this limit. -Signed-off-by: Changqing Li <changqing.li@windriver.com> +Fixes #397 --- - programs/sndfile-deinterleave.c | 6 ++++++ - 1 file changed, 6 insertions(+) + programs/sndfile-deinterleave.c | 7 +++++++ + 1 file changed, 7 insertions(+) diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c -index e27593e..721bee7 100644 +index e27593e2..cb497e1f 100644 --- a/programs/sndfile-deinterleave.c +++ b/programs/sndfile-deinterleave.c -@@ -89,6 +89,12 @@ main (int argc, char **argv) +@@ -89,6 +89,13 @@ main (int argc, char **argv) exit (1) ; } ; @@ -27,9 +29,9 @@ index e27593e..721bee7 100644 + exit (1) ; + } ; + ++ state.channels = sfinfo.channels ; sfinfo.channels = 1 ; -- -2.7.4 - +2.11.0 |
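Review bot: In the new patch header, `Upstream-Status: Backport [9dc989eb89cd697e19897afa616d6ab0debe4822]` gives only a bare commit hash, while the header it replaces pointed at a full repository URL. Please include the URL of the upstream repository commit so the backport can be traced without guessing which tree the hash belongs to. Related: the commit message says "Refresh CVE-2018-13139.patch", but the header lines show the patch being swapped for a different upstream commit (df18323c... replaced by 9dc989eb..., with a new author, date and subject), the embedded diffstat going from 6 to 7 insertions, and the inner hunk header changing from `+89,12` to `+89,13`. Describing this as replacing the patch with the upstream commit would be more accurate than "refresh", and the new `CVE:`, `Upstream-Status:` and `Signed-off-by:` tags now sit above the `From 9dc989eb...` line rather than in the message body, which is worth confirming is the intended placement.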