rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Tue, 4 Jul 2017 08:42:11 +0000 (10:42 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Tue, 4 Jul 2017 15:50:40 +0000 (17:50 +0200)
commit	6ae271cd55e6dbe53686b1d05bb379a15debf92f
tree	8f3d9841ca9f6e30e22a26a1da1bedc3b1e5d757	tree \| snapshot
parent	8e35239eb0129e4785070ab6130a792709e741ed	commit \| diff

libmad: add security patch from debian

Fixes:

CVE-2017-8372 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a
denial of service (assertion failure and application exit) via a crafted
audio file.

CVE-2017-8373 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted audio file.

CVE-2017-8374 - The mad_bit_skip function in bit.c in Underbit MAD libmad
0.15.1b allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) via a crafted audio file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6369a06150b9a2991807c0418a7f0a865ef6c084)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libmad/libmad.hash		diff \| blob \| history
package/libmad/libmad.mk		diff \| blob \| history