| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | taglib: Security fix CVE-2018-11439 | Yi Zhao | 2018-09-10 | 1 | -0/+51 |
| | | | | | | | | | | | | | | | | | | | CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. References: https://nvd.nist.gov/vuln/detail/CVE-2018-11439 Patch from: https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278 (From OE-Core rev: a300c4917b6c22ef039158be7ae92055c35658d4) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||||
| * | taglib: Security fix CVE-2017-12678 | Yi Zhao | 2017-08-27 | 1 | -0/+40 |
| CVE-2017-12678: In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12678 Patch from: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6 (From OE-Core rev: 24ac12ecb19efc7c131c9711ba32e298ba860eb7) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | |||||
 |
index : linux/poky.git | |
| Mirror of git.yoctoproject.org/poky | N/A |
| summaryrefslogtreecommitdiffstats |