summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
Commit message (Collapse)AuthorAgeFilesLines
* libsndfile1: Fix CVE-2017-8363Jackie Huang2017-08-181-0/+1
| | | | | | | | | | | | | | | | Backport the patch to fix CVE-2017-8363: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8363 (From OE-Core rev: 9cc9956c5ed09f9016cb23bd763652e5ab55f3cd) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Fix CVE-2017-8362Jackie Huang2017-08-181-0/+1
| | | | | | | | | | | | | | | | Backport the patch to fix CVE-2017-8362: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8362 (From OE-Core rev: 0c8da3f6f85962196f2ad54fffd839239f5c2274) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Fix CVE-2017-8361 and CVE-2017-8365Jackie Huang2017-08-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Backport the patch to fix two CVEs: CVE-2017-8361: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVE-2017-8365: The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-8361 https://nvd.nist.gov/vuln/detail/CVE-2017-8365 (From OE-Core rev: d92877ade8fd4dd9b548c6b664bf4357a1f9428a) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1_1.0.28.bb: set CVE_PRODUCT to libsndfileMikko Rapeli2017-07-241-0/+2
| | | | | | | | | | | | It is used in NVD to CVE's like: https://nvd.nist.gov/vuln/detail/CVE-2017-6892 (From OE-Core rev: adfb1c7fe28a6ef2bcf698f7415fd86b01bdc489) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: Fix CVE-2017-6892Fan Xin2017-06-281-1/+3
| | | | | | | | | | | | Backport upstream patch to fix CVE-2017-6892. CVE: CVE-2017-6892 (From OE-Core rev: cc9b8d0afe64b83f585843f3aff1c077f69fd656) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: 1.0.27 -> 1.0.28Huang Qiyu2017-05-231-0/+26
Upgrade libsndfile1 from 1.0.27 to 1.0.28. (From OE-Core rev: 86009f82c8c8206cc79f68d14d68c7c0b3ffe491) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-10 10:15:53 +0000