]> rtime.felk.cvut.cz Git - coffee/buildroot.git/commit
projects / coffee / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9f5ffe8) | patch
libvorbis: security bump to version 1.3.6
authorPeter Korsgaard <peter@korsgaard.com>
Fri, 16 Mar 2018 21:35:29 +0000 (22:35 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 10 Apr 2018 19:45:15 +0000 (21:45 +0200)
commit9754a77f74f0211c4620aa56e8bafbdf9b36c975
tree2bcccbfbac5fadbc839ba912086d5985e00ded8ctree | snapshot
parent9f5ffe8012830173cf6d2fb5276a77e6d08f235ecommit | diff
libvorbis: security bump to version 1.3.6

Fixes CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.

Drop 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch and
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch as they are
now upstream, and add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eca03d677448000f9c5387e8359c116508e03f79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1f11463b3d8ef55ff5baf2ebd6d599529e9ee6fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libvorbis/0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch [deleted file] blob | history
package/libvorbis/0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch [deleted file] blob | history
package/libvorbis/libvorbis.hash diff | blob | history
package/libvorbis/libvorbis.mk diff | blob | history