rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Wed, 26 Apr 2017 11:52:14 +0000 (13:52 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Thu, 27 Apr 2017 08:15:05 +0000 (10:15 +0200)
commit	c363e070d8ee036052fbcadd153d8c39ce0db55b
tree	a78c6a0b4996e77c2c70a45d80d363de0c282246	tree \| snapshot
parent	c3b548020404b5ca5b52d388d2a5bc9926db0b45	commit \| diff

libsndfile: security bump to version 1.0.28

Fixes:

CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies. Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libsndfile/0001-srconly.patch	[deleted file]	blob \| history
package/libsndfile/libsndfile.hash		diff \| blob \| history
package/libsndfile/libsndfile.mk		diff \| blob \| history