diff options
Diffstat (limited to 'meta/recipes-multimedia')
6 files changed, 160 insertions, 142 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/0001-a-ulaw-fix-multiple-buffer-overflows-432.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/0001-a-ulaw-fix-multiple-buffer-overflows-432.patch index c3f44ca235..a4679cef2a 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1/0001-a-ulaw-fix-multiple-buffer-overflows-432.patch +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/0001-a-ulaw-fix-multiple-buffer-overflows-432.patch | |||
@@ -1,3 +1,15 @@ | |||
1 | This patch fixes #429 (CVE-2018-19661 CVE-2018-19662) and #344 (CVE-2017-17456 | ||
2 | CVE-2017-17457). As per | ||
3 | https://github.com/erikd/libsndfile/issues/344#issuecomment-448504425 it also | ||
4 | fixes #317 (CVE-2017-14245 CVE-2017-14246). | ||
5 | |||
6 | CVE: CVE-2017-14245 CVE-2017-14246 | ||
7 | CVE: CVE-2017-17456 CVE-2017-17457 | ||
8 | CVE: CVE-2018-19661 CVE-2018-19662 | ||
9 | |||
10 | Upstream-Status: Backport [8ddc442d539ca775d80cdbc7af17a718634a743f] | ||
11 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
12 | |||
1 | From 39453899fe1bb39b2e041fdf51a85aecd177e9c7 Mon Sep 17 00:00:00 2001 | 13 | From 39453899fe1bb39b2e041fdf51a85aecd177e9c7 Mon Sep 17 00:00:00 2001 |
2 | From: Changqing Li <changqing.li@windriver.com> | 14 | From: Changqing Li <changqing.li@windriver.com> |
3 | Date: Mon, 7 Jan 2019 15:55:03 +0800 | 15 | Date: Mon, 7 Jan 2019 15:55:03 +0800 |
@@ -17,12 +29,6 @@ In this case, arbitrarily set the buffer value to 0. | |||
17 | This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and | 29 | This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and |
18 | fixes #344 (CVE-2017-17456 and CVE-2017-17457). | 30 | fixes #344 (CVE-2017-17456 and CVE-2017-17457). |
19 | 31 | ||
20 | Upstream-Status: Backport[https://github.com/erikd/libsndfile/ | ||
21 | commit/585cc28a93be27d6938f276af0011401b9f7c0ca] | ||
22 | |||
23 | CVE: CVE-2017-17456 CVE-2017-17457 CVE-2018-19661 CVE-2018-19662 | ||
24 | |||
25 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
26 | --- | 32 | --- |
27 | src/alaw.c | 9 +++++++-- | 33 | src/alaw.c | 9 +++++++-- |
28 | src/ulaw.c | 9 +++++++-- | 34 | src/ulaw.c | 9 +++++++-- |
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-12562.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-12562.patch new file mode 100644 index 0000000000..491dae3114 --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-12562.patch | |||
@@ -0,0 +1,96 @@ | |||
1 | Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in | ||
2 | libsndfile through 1.0.28 allows remote attackers to cause a denial of service | ||
3 | (application crash) or possibly have unspecified other impact. | ||
4 | |||
5 | CVE: CVE-2017-12562 | ||
6 | Upstream-Status: Backport [cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8] | ||
7 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
8 | |||
9 | From b6a9d7e95888ffa77d8c75ce3f03e6c7165587cd Mon Sep 17 00:00:00 2001 | ||
10 | From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de> | ||
11 | Date: Wed, 14 Jun 2017 12:25:40 +0200 | ||
12 | Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings | ||
13 | in binheader | ||
14 | |||
15 | Fixes the following problems: | ||
16 | 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes. | ||
17 | 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the | ||
18 | big switch statement by an amount (16 bytes) which is enough for all cases | ||
19 | where only a single value gets added. Cases 's', 'S', 'p' however | ||
20 | additionally write an arbitrary length block of data and again enlarge the | ||
21 | buffer to the required amount. However, the required space calculation does | ||
22 | not take into account the size of the length field which gets output before | ||
23 | the data. | ||
24 | 3. Buffer size requirement calculation in case 'S' does not account for the | ||
25 | padding byte ("size += (size & 1) ;" happens after the calculation which | ||
26 | uses "size"). | ||
27 | 4. Case 'S' can overrun the header buffer by 1 byte when no padding is | ||
28 | involved | ||
29 | ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while | ||
30 | the buffer is only guaranteed to have "size" space available). | ||
31 | 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte | ||
32 | beyond the space which is guaranteed to be allocated in the header buffer. | ||
33 | 6. Case 's' can overrun the provided source string by 1 byte if padding is | ||
34 | involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;" | ||
35 | where "size" is "strlen (strptr) + 1" (which includes the 0 terminator, | ||
36 | plus optionally another 1 which is padding and not guaranteed to be | ||
37 | readable via the source string pointer). | ||
38 | |||
39 | Closes: https://github.com/erikd/libsndfile/issues/292 | ||
40 | --- | ||
41 | src/common.c | 15 +++++++-------- | ||
42 | 1 file changed, 7 insertions(+), 8 deletions(-) | ||
43 | |||
44 | diff --git a/src/common.c b/src/common.c | ||
45 | index 1a6204ca..6b2a2ee9 100644 | ||
46 | --- a/src/common.c | ||
47 | +++ b/src/common.c | ||
48 | @@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) | ||
49 | /* Write a C string (guaranteed to have a zero terminator). */ | ||
50 | strptr = va_arg (argptr, char *) ; | ||
51 | size = strlen (strptr) + 1 ; | ||
52 | - size += (size & 1) ; | ||
53 | |||
54 | - if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16)) | ||
55 | + if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) | ||
56 | return count ; | ||
57 | |||
58 | if (psf->rwf_endian == SF_ENDIAN_BIG) | ||
59 | - header_put_be_int (psf, size) ; | ||
60 | + header_put_be_int (psf, size + (size & 1)) ; | ||
61 | else | ||
62 | - header_put_le_int (psf, size) ; | ||
63 | + header_put_le_int (psf, size + (size & 1)) ; | ||
64 | memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ; | ||
65 | + size += (size & 1) ; | ||
66 | psf->header.indx += size ; | ||
67 | psf->header.ptr [psf->header.indx - 1] = 0 ; | ||
68 | count += 4 + size ; | ||
69 | @@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) | ||
70 | */ | ||
71 | strptr = va_arg (argptr, char *) ; | ||
72 | size = strlen (strptr) ; | ||
73 | - if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) | ||
74 | + if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) | ||
75 | return count ; | ||
76 | if (psf->rwf_endian == SF_ENDIAN_BIG) | ||
77 | header_put_be_int (psf, size) ; | ||
78 | else | ||
79 | header_put_le_int (psf, size) ; | ||
80 | - memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ; | ||
81 | + memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ; | ||
82 | size += (size & 1) ; | ||
83 | psf->header.indx += size ; | ||
84 | - psf->header.ptr [psf->header.indx] = 0 ; | ||
85 | count += 4 + size ; | ||
86 | break ; | ||
87 | |||
88 | @@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) | ||
89 | size = (size & 1) ? size : size + 1 ; | ||
90 | size = (size > 254) ? 254 : size ; | ||
91 | |||
92 | - if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) | ||
93 | + if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size)) | ||
94 | return count ; | ||
95 | |||
96 | header_put_byte (psf, size) ; | ||
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch deleted file mode 100644 index a17ec21f98..0000000000 --- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14245-14246.patch +++ /dev/null | |||
@@ -1,121 +0,0 @@ | |||
1 | From 2d54514a4f6437b67829717c05472d2e3300a258 Mon Sep 17 00:00:00 2001 | ||
2 | From: Fabian Greffrath <fabian@greffrath.com> | ||
3 | Date: Wed, 27 Sep 2017 14:46:17 +0200 | ||
4 | Subject: [PATCH] sfe_copy_data_fp: check value of "max" variable for being | ||
5 | normal | ||
6 | |||
7 | and check elements of the data[] array for being finite. | ||
8 | |||
9 | Both checks use functions provided by the <math.h> header as declared | ||
10 | by the C99 standard. | ||
11 | |||
12 | Fixes #317 | ||
13 | CVE: CVE-2017-14245 | ||
14 | CVE: CVE-2017-14246 | ||
15 | |||
16 | Upstream-Status: Backport [https://github.com/fabiangreffrath/libsndfile/commit/2d54514a4f6437b67829717c05472d2e3300a258] | ||
17 | |||
18 | Signed-off-by: Fabian Greffrath <fabian@greffrath.com> | ||
19 | Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | ||
20 | --- | ||
21 | programs/common.c | 20 ++++++++++++++++---- | ||
22 | programs/common.h | 2 +- | ||
23 | programs/sndfile-convert.c | 6 +++++- | ||
24 | 3 files changed, 22 insertions(+), 6 deletions(-) | ||
25 | |||
26 | diff --git a/programs/common.c b/programs/common.c | ||
27 | index a21e62c..a249a58 100644 | ||
28 | --- a/programs/common.c | ||
29 | +++ b/programs/common.c | ||
30 | @@ -36,6 +36,7 @@ | ||
31 | #include <string.h> | ||
32 | #include <ctype.h> | ||
33 | #include <stdint.h> | ||
34 | +#include <math.h> | ||
35 | |||
36 | #include <sndfile.h> | ||
37 | |||
38 | @@ -45,7 +46,7 @@ | ||
39 | |||
40 | #define MIN(x, y) ((x) < (y) ? (x) : (y)) | ||
41 | |||
42 | -void | ||
43 | +int | ||
44 | sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) | ||
45 | { static double data [BUFFER_LEN], max ; | ||
46 | int frames, readcount, k ; | ||
47 | @@ -54,6 +55,8 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize | ||
48 | readcount = frames ; | ||
49 | |||
50 | sf_command (infile, SFC_CALC_SIGNAL_MAX, &max, sizeof (max)) ; | ||
51 | + if (!isnormal (max)) /* neither zero, subnormal, infinite, nor NaN */ | ||
52 | + return 1 ; | ||
53 | |||
54 | if (!normalize && max < 1.0) | ||
55 | { while (readcount > 0) | ||
56 | @@ -67,12 +70,16 @@ sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize | ||
57 | while (readcount > 0) | ||
58 | { readcount = sf_readf_double (infile, data, frames) ; | ||
59 | for (k = 0 ; k < readcount * channels ; k++) | ||
60 | - data [k] /= max ; | ||
61 | + { data [k] /= max ; | ||
62 | + | ||
63 | + if (!isfinite (data [k])) /* infinite or NaN */ | ||
64 | + return 1; | ||
65 | + } | ||
66 | sf_writef_double (outfile, data, readcount) ; | ||
67 | } ; | ||
68 | } ; | ||
69 | |||
70 | - return ; | ||
71 | + return 0 ; | ||
72 | } /* sfe_copy_data_fp */ | ||
73 | |||
74 | void | ||
75 | @@ -252,7 +259,12 @@ sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * in | ||
76 | |||
77 | /* If the input file is not the same as the output file, copy the data. */ | ||
78 | if ((infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT)) | ||
79 | - sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) ; | ||
80 | + { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, SF_FALSE) != 0) | ||
81 | + { printf ("Error : Not able to decode input file '%s'\n", filenames [0]) ; | ||
82 | + error_code = 1 ; | ||
83 | + goto cleanup_exit ; | ||
84 | + } ; | ||
85 | + } | ||
86 | else | ||
87 | sfe_copy_data_int (outfile, infile, sfinfo.channels) ; | ||
88 | } ; | ||
89 | diff --git a/programs/common.h b/programs/common.h | ||
90 | index eda2d7d..986277e 100644 | ||
91 | --- a/programs/common.h | ||
92 | +++ b/programs/common.h | ||
93 | @@ -62,7 +62,7 @@ typedef SF_BROADCAST_INFO_VAR (2048) SF_BROADCAST_INFO_2K ; | ||
94 | |||
95 | void sfe_apply_metadata_changes (const char * filenames [2], const METADATA_INFO * info) ; | ||
96 | |||
97 | -void sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ; | ||
98 | +int sfe_copy_data_fp (SNDFILE *outfile, SNDFILE *infile, int channels, int normalize) ; | ||
99 | |||
100 | void sfe_copy_data_int (SNDFILE *outfile, SNDFILE *infile, int channels) ; | ||
101 | |||
102 | diff --git a/programs/sndfile-convert.c b/programs/sndfile-convert.c | ||
103 | index dff7f79..e6de593 100644 | ||
104 | --- a/programs/sndfile-convert.c | ||
105 | +++ b/programs/sndfile-convert.c | ||
106 | @@ -335,7 +335,11 @@ main (int argc, char * argv []) | ||
107 | || (outfileminor == SF_FORMAT_DOUBLE) || (outfileminor == SF_FORMAT_FLOAT) | ||
108 | || (infileminor == SF_FORMAT_DOUBLE) || (infileminor == SF_FORMAT_FLOAT) | ||
109 | || (infileminor == SF_FORMAT_VORBIS) || (outfileminor == SF_FORMAT_VORBIS)) | ||
110 | - sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) ; | ||
111 | + { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) != 0) | ||
112 | + { printf ("Error : Not able to decode input file %s.\n", infilename) ; | ||
113 | + return 1 ; | ||
114 | + } ; | ||
115 | + } | ||
116 | else | ||
117 | sfe_copy_data_int (outfile, infile, sfinfo.channels) ; | ||
118 | |||
119 | -- | ||
120 | 2.7.4 | ||
121 | |||
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch index 4ae3674df1..707373d414 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch | |||
@@ -1,23 +1,25 @@ | |||
1 | From 5473aeef7875e54bd0f786fbdd259a35aaee875c Mon Sep 17 00:00:00 2001 | 1 | CVE: CVE-2018-13139 |
2 | From: Changqing Li <changqing.li@windriver.com> | 2 | Upstream-Status: Backport [9dc989eb89cd697e19897afa616d6ab0debe4822] |
3 | Date: Wed, 10 Oct 2018 08:59:30 +0800 | 3 | Signed-off-by: Ross Burton <ross.burton@intel.com> |
4 | Subject: [PATCH] libsndfile1: patch for CVE-2018-13139 | ||
5 | 4 | ||
6 | Upstream-Status: Backport [https://github.com/bwarden/libsndfile/ | 5 | From 9dc989eb89cd697e19897afa616d6ab0debe4822 Mon Sep 17 00:00:00 2001 |
7 | commit/df18323c622b54221ee7ace74b177cdcccc152d7] | 6 | From: "Brett T. Warden" <brett.t.warden@intel.com> |
7 | Date: Tue, 28 Aug 2018 12:01:17 -0700 | ||
8 | Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave | ||
8 | 9 | ||
9 | CVE: CVE-2018-13139 | 10 | Allocated buffer has space for only 16 channels. Verify that input file |
11 | meets this limit. | ||
10 | 12 | ||
11 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | 13 | Fixes #397 |
12 | --- | 14 | --- |
13 | programs/sndfile-deinterleave.c | 6 ++++++ | 15 | programs/sndfile-deinterleave.c | 7 +++++++ |
14 | 1 file changed, 6 insertions(+) | 16 | 1 file changed, 7 insertions(+) |
15 | 17 | ||
16 | diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c | 18 | diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c |
17 | index e27593e..721bee7 100644 | 19 | index e27593e2..cb497e1f 100644 |
18 | --- a/programs/sndfile-deinterleave.c | 20 | --- a/programs/sndfile-deinterleave.c |
19 | +++ b/programs/sndfile-deinterleave.c | 21 | +++ b/programs/sndfile-deinterleave.c |
20 | @@ -89,6 +89,12 @@ main (int argc, char **argv) | 22 | @@ -89,6 +89,13 @@ main (int argc, char **argv) |
21 | exit (1) ; | 23 | exit (1) ; |
22 | } ; | 24 | } ; |
23 | 25 | ||
@@ -27,9 +29,9 @@ index e27593e..721bee7 100644 | |||
27 | + exit (1) ; | 29 | + exit (1) ; |
28 | + } ; | 30 | + } ; |
29 | + | 31 | + |
32 | + | ||
30 | state.channels = sfinfo.channels ; | 33 | state.channels = sfinfo.channels ; |
31 | sfinfo.channels = 1 ; | 34 | sfinfo.channels = 1 ; |
32 | 35 | ||
33 | -- | 36 | -- |
34 | 2.7.4 | 37 | 2.11.0 |
35 | |||
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch new file mode 100644 index 0000000000..c3586f9dfc --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | There is a heap-based buffer over-read at wav.c in wav_write_header in | ||
2 | libsndfile 1.0.28 that will cause a denial of service. | ||
3 | |||
4 | CVE: CVE-2018-19758 | ||
5 | Upstream-Status: Backport [42132c543358cee9f7c3e9e9b15bb6c1063a608e] | ||
6 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
7 | |||
8 | From c12173b0197dd0c5cfa2cd27977e982d2ae59486 Mon Sep 17 00:00:00 2001 | ||
9 | From: Erik de Castro Lopo <erikd@mega-nerd.com> | ||
10 | Date: Tue, 1 Jan 2019 20:11:46 +1100 | ||
11 | Subject: [PATCH] src/wav.c: Fix heap read overflow | ||
12 | |||
13 | This is CVE-2018-19758. | ||
14 | |||
15 | Closes: https://github.com/erikd/libsndfile/issues/435 | ||
16 | --- | ||
17 | src/wav.c | 2 ++ | ||
18 | 1 file changed, 2 insertions(+) | ||
19 | |||
20 | diff --git a/src/wav.c b/src/wav.c | ||
21 | index e8405b55..6fb94ae8 100644 | ||
22 | --- a/src/wav.c | ||
23 | +++ b/src/wav.c | ||
24 | @@ -1094,6 +1094,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length) | ||
25 | psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */ | ||
26 | psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ; | ||
27 | |||
28 | + /* Loop count is signed 16 bit number so we limit it range to something sensible. */ | ||
29 | + psf->instrument->loop_count &= 0x7fff ; | ||
30 | for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++) | ||
31 | { int type ; | ||
32 | |||
33 | -- | ||
34 | 2.11.0 | ||
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index 9700f4a6e7..eb2c719d8d 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | |||
@@ -10,11 +10,12 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \ | |||
10 | file://CVE-2017-8361-8365.patch \ | 10 | file://CVE-2017-8361-8365.patch \ |
11 | file://CVE-2017-8362.patch \ | 11 | file://CVE-2017-8362.patch \ |
12 | file://CVE-2017-8363.patch \ | 12 | file://CVE-2017-8363.patch \ |
13 | file://CVE-2017-14245-14246.patch \ | ||
14 | file://CVE-2017-14634.patch \ | 13 | file://CVE-2017-14634.patch \ |
15 | file://CVE-2018-13139.patch \ | 14 | file://CVE-2018-13139.patch \ |
16 | file://0001-a-ulaw-fix-multiple-buffer-overflows-432.patch \ | 15 | file://0001-a-ulaw-fix-multiple-buffer-overflows-432.patch \ |
17 | file://CVE-2018-19432.patch \ | 16 | file://CVE-2018-19432.patch \ |
17 | file://CVE-2017-12562.patch \ | ||
18 | file://CVE-2018-19758.patch \ | ||
18 | " | 19 | " |
19 | 20 | ||
20 | SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c" | 21 | SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c" |