flac: fix CVE-2021-0561

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683 References: https://nvd.nist.gov/vuln/detail/CVE-2021-0561 Upstream patches: https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be (From OE-Core rev: 76d5c8d876f78d86e755c12360d41e40154eca0b) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Li Wang <li.wang@windriver.com> 2022-03-25 13:48:41 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-04-03 20:49:03 +0100
commit: 6e1ca0e922e7aee3eb945c0f04a2ace1c8b36100 (patch)
tree: 86997b639cce65aaa581f2c3825cf04f86965ba9 /meta/recipes-multimedia/flac/flac_1.3.3.bb
parent: d4cc78784b5ab4d68ef2883653f67da676154d8c (diff)
download: poky-6e1ca0e922e7aee3eb945c0f04a2ace1c8b36100.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb b/meta/recipes-multimedia/flac/flac_1.3.3.bb
index cb6692aedf..d3c352cc44 100644
--- a/meta/recipes-multimedia/flac/flac_1.3.3.bb
+++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb
@@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \
 DEPENDS = "libogg"
 SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \
+           file://CVE-2021-0561.patch \
 "
 SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69"
author	Li Wang <li.wang@windriver.com>	2022-03-25 13:48:41 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-03 20:49:03 +0100
commit	6e1ca0e922e7aee3eb945c0f04a2ace1c8b36100 (patch)
tree	86997b639cce65aaa581f2c3825cf04f86965ba9 /meta/recipes-multimedia/flac/flac_1.3.3.bb
parent	d4cc78784b5ab4d68ef2883653f67da676154d8c (diff)
download	poky-6e1ca0e922e7aee3eb945c0f04a2ace1c8b36100.tar.gz

diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb b/meta/recipes-multimedia/flac/flac_1.3.3.bb index cb6692aedf..d3c352cc44 100644 --- a/meta/recipes-multimedia/flac/flac_1.3.3.bb +++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb
@@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \
15	DEPENDS = "libogg"	15	DEPENDS = "libogg"
16		16
17	SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \	17	SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \
		18	file://CVE-2021-0561.patch \
18	"	19	"
19		20
20	SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69"	21	SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69"