diff options
| author | Ross Burton <ross.burton@intel.com> | 2019-03-05 16:29:59 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-05-22 00:31:48 +0100 |
| commit | c4d476508273b9c06ca6bcc42794107d59b56fba (patch) | |
| tree | bc17e9e5833060c4e3120b7997c4226ab1e25a70 /meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch | |
| parent | 0a0e9bd5134d450d1a01b97d179e8b13d00dbe9b (diff) | |
| download | poky-c4d476508273b9c06ca6bcc42794107d59b56fba.tar.gz | |
libsndfile1: update security patches
Remove CVE-2017-14245-14246.patch, fix rejected upstream as it doesn't solve the
underlying issue.
Instead 0001-a-ulaw-fix-multiple-buffer-overflows-432 also solves CVE-2017-14245
and CVE-2017-14246 properly.
Add patches for CVE-2017-12562 and CVE-2018-19758.
Refresh CVE-2018-13139.patch.
(From OE-Core rev: e6b272b7c0d10f49dde71dd9714aaa0fb6aec091)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch')
| -rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch index 4ae3674df1..707373d414 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch | |||
| @@ -1,23 +1,25 @@ | |||
| 1 | From 5473aeef7875e54bd0f786fbdd259a35aaee875c Mon Sep 17 00:00:00 2001 | 1 | CVE: CVE-2018-13139 |
| 2 | From: Changqing Li <changqing.li@windriver.com> | 2 | Upstream-Status: Backport [9dc989eb89cd697e19897afa616d6ab0debe4822] |
| 3 | Date: Wed, 10 Oct 2018 08:59:30 +0800 | 3 | Signed-off-by: Ross Burton <ross.burton@intel.com> |
| 4 | Subject: [PATCH] libsndfile1: patch for CVE-2018-13139 | ||
| 5 | 4 | ||
| 6 | Upstream-Status: Backport [https://github.com/bwarden/libsndfile/ | 5 | From 9dc989eb89cd697e19897afa616d6ab0debe4822 Mon Sep 17 00:00:00 2001 |
| 7 | commit/df18323c622b54221ee7ace74b177cdcccc152d7] | 6 | From: "Brett T. Warden" <brett.t.warden@intel.com> |
| 7 | Date: Tue, 28 Aug 2018 12:01:17 -0700 | ||
| 8 | Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave | ||
| 8 | 9 | ||
| 9 | CVE: CVE-2018-13139 | 10 | Allocated buffer has space for only 16 channels. Verify that input file |
| 11 | meets this limit. | ||
| 10 | 12 | ||
| 11 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | 13 | Fixes #397 |
| 12 | --- | 14 | --- |
| 13 | programs/sndfile-deinterleave.c | 6 ++++++ | 15 | programs/sndfile-deinterleave.c | 7 +++++++ |
| 14 | 1 file changed, 6 insertions(+) | 16 | 1 file changed, 7 insertions(+) |
| 15 | 17 | ||
| 16 | diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c | 18 | diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c |
| 17 | index e27593e..721bee7 100644 | 19 | index e27593e2..cb497e1f 100644 |
| 18 | --- a/programs/sndfile-deinterleave.c | 20 | --- a/programs/sndfile-deinterleave.c |
| 19 | +++ b/programs/sndfile-deinterleave.c | 21 | +++ b/programs/sndfile-deinterleave.c |
| 20 | @@ -89,6 +89,12 @@ main (int argc, char **argv) | 22 | @@ -89,6 +89,13 @@ main (int argc, char **argv) |
| 21 | exit (1) ; | 23 | exit (1) ; |
| 22 | } ; | 24 | } ; |
| 23 | 25 | ||
| @@ -27,9 +29,9 @@ index e27593e..721bee7 100644 | |||
| 27 | + exit (1) ; | 29 | + exit (1) ; |
| 28 | + } ; | 30 | + } ; |
| 29 | + | 31 | + |
| 32 | + | ||
| 30 | state.channels = sfinfo.channels ; | 33 | state.channels = sfinfo.channels ; |
| 31 | sfinfo.channels = 1 ; | 34 | sfinfo.channels = 1 ; |
| 32 | 35 | ||
| 33 | -- | 36 | -- |
| 34 | 2.7.4 | 37 | 2.11.0 |
| 35 | |||