]> rtime.felk.cvut.cz Git - coffee/buildroot.git/commit
projects / coffee / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b6f7a0e) | patch
libvorbis: security bump to version 1.3.6
authorPeter Korsgaard <peter@korsgaard.com>
Fri, 16 Mar 2018 21:35:29 +0000 (22:35 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 6 Apr 2018 14:36:45 +0000 (16:36 +0200)
commit1f11463b3d8ef55ff5baf2ebd6d599529e9ee6fb
tree88330ea7bf6a47b4f926ca6f9987242ab6daac82tree | snapshot
parentb6f7a0e38bb1f15e1553b9cdaf5ad979051e2d15commit | diff
libvorbis: security bump to version 1.3.6

Fixes CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.

Drop 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch and
0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch as they are
now upstream, and add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eca03d677448000f9c5387e8359c116508e03f79)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libvorbis/0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch [deleted file] blob | history
package/libvorbis/0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch [deleted file] blob | history
package/libvorbis/libvorbis.hash diff | blob | history
package/libvorbis/libvorbis.mk diff | blob | history