author | Ross Burton <ross.burton@intel.com> | 2019-03-05 16:29:59 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-05-22 00:31:48 +0100 |
commit | c4d476508273b9c06ca6bcc42794107d59b56fba (patch) | |
tree | bc17e9e5833060c4e3120b7997c4226ab1e25a70 /meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch | |
parent | 0a0e9bd5134d450d1a01b97d179e8b13d00dbe9b (diff) | |
download | poky-c4d476508273b9c06ca6bcc42794107d59b56fba.tar.gz |
libsndfile1: update security patches
Remove CVE-2017-14245-14246.patch, fix rejected upstream as it doesn't solve the
underlying issue.
Instead 0001-a-ulaw-fix-multiple-buffer-overflows-432 also solves CVE-2017-14245
and CVE-2017-14246 properly.
Add patches for CVE-2017-12562 and CVE-2018-19758.
Refresh CVE-2018-13139.patch.
(From OE-Core rev: e6b272b7c0d10f49dde71dd9714aaa0fb6aec091)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch')
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch index 4ae3674df1..707373d414 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch | |||
@@ -1,23 +1,25 @@ | |||
1 | From 5473aeef7875e54bd0f786fbdd259a35aaee875c Mon Sep 17 00:00:00 2001 | 1 | CVE: CVE-2018-13139 |
2 | From: Changqing Li <changqing.li@windriver.com> | 2 | Upstream-Status: Backport [9dc989eb89cd697e19897afa616d6ab0debe4822] |
3 | Date: Wed, 10 Oct 2018 08:59:30 +0800 | 3 | Signed-off-by: Ross Burton <ross.burton@intel.com> |
4 | Subject: [PATCH] libsndfile1: patch for CVE-2018-13139 | ||
5 | 4 | ||
6 | Upstream-Status: Backport [https://github.com/bwarden/libsndfile/ | 5 | From 9dc989eb89cd697e19897afa616d6ab0debe4822 Mon Sep 17 00:00:00 2001 |
7 | commit/df18323c622b54221ee7ace74b177cdcccc152d7] | 6 | From: "Brett T. Warden" <brett.t.warden@intel.com> |
7 | Date: Tue, 28 Aug 2018 12:01:17 -0700 | ||
8 | Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave | ||
8 | 9 | ||
9 | CVE: CVE-2018-13139 | 10 | Allocated buffer has space for only 16 channels. Verify that input file |
11 | meets this limit. | ||
10 | 12 | ||
11 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | 13 | Fixes #397 |
12 | --- | 14 | --- |
13 | programs/sndfile-deinterleave.c | 6 ++++++ | 15 | programs/sndfile-deinterleave.c | 7 +++++++ |
14 | 1 file changed, 6 insertions(+) | 16 | 1 file changed, 7 insertions(+) |
15 | 17 | ||
16 | diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c | 18 | diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c |
17 | index e27593e..721bee7 100644 | 19 | index e27593e2..cb497e1f 100644 |
18 | --- a/programs/sndfile-deinterleave.c | 20 | --- a/programs/sndfile-deinterleave.c |
19 | +++ b/programs/sndfile-deinterleave.c | 21 | +++ b/programs/sndfile-deinterleave.c |
20 | @@ -89,6 +89,12 @@ main (int argc, char **argv) | 22 | @@ -89,6 +89,13 @@ main (int argc, char **argv) |
21 | exit (1) ; | 23 | exit (1) ; |
22 | } ; | 24 | } ; |
23 | 25 | ||
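Review bot: the new `Upstream-Status: Backport [9dc989eb89cd697e19897afa616d6ab0debe4822]` tag on new line 2 gives only a bare hash, while the header it replaces pointed at a full commit URL under https://github.com/bwarden/libsndfile/ for a different commit (df18323c622b54221ee7ace74b177cdcccc152d7). Please put the full URL of the upstream commit inside the brackets so the backport source can be verified without guessing the repository. Since the referenced commit changed, the commit message's "Refresh CVE-2018-13139.patch" would be more accurate if it said the patch was replaced with the upstream version. The earlier `Signed-off-by: Changqing Li` line (old line 11) is also dropped here; consider whether that attribution should be retained alongside the new sign-off.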
@@ -27,9 +29,9 @@ index e27593e..721bee7 100644 | |||
27 | + exit (1) ; | 29 | + exit (1) ; |
28 | + } ; | 30 | + } ; |
29 | + | 31 | + |
32 | + | ||
30 | state.channels = sfinfo.channels ; | 33 | state.channels = sfinfo.channels ; |
31 | sfinfo.channels = 1 ; | 34 | sfinfo.channels = 1 ; |
32 | 35 | ||
33 | -- | 36 | -- |
34 | 2.7.4 | 37 | 2.11.0 |
35 | |||
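Review bot: new line 32 adds a second consecutive blank `+` line directly before `state.channels = sfinfo.channels ;`, and that is the only difference in the fix body here; it accounts for the embedded diffstat moving from 6 to 7 insertions. If this is byte-for-byte what upstream commit 9dc989eb carries, keep it so the backport stays exact; if not, drop the extra blank line. The `2.7.4` to `2.11.0` trailer change is just the git version that generated the patch and needs no action.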