generic-poky

Author	SHA1	Message	Date
Tanu Kaskinen	d748513116	libvorbis: CVE-2018-5146 Prevent out-of-bounds write in codebook decoding. The bug could allow code execution from a specially crafted Ogg Vorbis file. References: https://www.debian.org/security/2018/dsa-4140 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146 (From OE-Core rev: 5c880fe974907195c563b5580cb43b3b2fb92203) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2018-04-02 17:06:25 +01:00
Tanu Kaskinen	8950d4ffc4	libvorbis: CVE-2017-14632 Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632 (From OE-Core rev: e584aca38396db5e3d461f57804519261eecedc2) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2018-04-02 17:06:25 +01:00
Tanu Kaskinen	20d103d881	libvorbis: CVE-2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633 (From OE-Core rev: 3ea65ee8b31a16a20f5c28c19f4c758f8deabf6e) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2018-04-02 17:06:25 +01:00
Khem Raj	c6344d3b6a	libvorbis: Contain gcc specific compiler flags using configure option (From OE-Core rev: b6cdbf50e5c26c406e4ddecd66202ff7324f5468) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2017-03-24 23:43:32 +00:00

4 Commits