kumquat-buildroot/package/mp4v2/mp4v2.hash


# Locally computed
package/mp4v2: security bump to version 4.1.3

- Switch site to an active fork
- Send patch upstream
- Update indentation in hash file (two spaces)
- Fix the following CVEs:
  - CVE-2018-14054: A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.
    Fixed by https://github.com/TechSmith/mp4v2/commit/f09cceeee5bd7f783fd31f10e8b3c440ccf4c743
  - CVE-2018-14325: In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
    Fixed by https://github.com/TechSmith/mp4v2/commit/e475013c6ef78093055a02b0d035eda0f9f01451
  - CVE-2018-14326: In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.
    Fixed by https://github.com/TechSmith/mp4v2/commit/70d823ccd8e2d7d0ed9e62fb7e8983d21e6acbeb
  - CVE-2018-14379: MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.
    Fixed by https://github.com/TechSmith/mp4v2/commit/73f38b4296aeb38617fa3923018bb78671c3b833
  - CVE-2018-14403: MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access.
    Fixed by https://github.com/TechSmith/mp4v2/commit/51cb6b36f6c8edf9f195d5858eac9ba18b334a16

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-05-15 23:13:27 +02:00
sha256 e3ad6c2dc451b0875dbe34bfe7f51f4fe278b391434c886083e6d3ecd5fa08c2 mp4v2-4.1.3.tar.gz
sha256 15e38684c940176e2fc76331a2299d2ab5115ac997078f768ef31b896af69fc5 COPYING