]> rtime.felk.cvut.cz Git - coffee/buildroot.git/commit
projects / coffee / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e920e52) | patch
gst1-plugins-bad: add upstream patch to fix security issue in vmnc decoder
authorPeter Korsgaard <peter@korsgaard.com>
Mon, 28 Nov 2016 21:55:38 +0000 (22:55 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 28 Nov 2016 22:09:30 +0000 (23:09 +0100)
commitee99fe4088d0c75b3d2cfcd321d8af60b8fc959a
treefbe3c5a606a610299501112b0f0519a5c7f949c2tree | snapshot
parente920e521ac012e5f40720290341d8abceb41a6a6commit | diff
gst1-plugins-bad: add upstream patch to fix security issue in vmnc decoder

As detailed by Chris Evans, the vmnc decoder contains an integer overflow which
can be exploited:

https://scarybeastsecurity.blogspot.be/2016/11/0day-poc-risky-design-decisions-in.html

Fixes CVE-2016-9445 and CVE-2016-9446.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/gstreamer1/gst1-plugins-bad/0001-vmncdec-Sanity-check-width-height-before-using-it.patch [new file with mode: 0644] blob