NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libmad: add security patch from debian

Browse Source 
Fixes:

CVE-2017-8372 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a
denial of service (assertion failure and application exit) via a crafted
audio file.

CVE-2017-8373 - The mad_layer_III function in layer3.c in Underbit MAD
libmad 0.15.1b allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted audio file.

CVE-2017-8374 - The mad_bit_skip function in bit.c in Underbit MAD libmad
0.15.1b allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) via a crafted audio file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2017-07-04 10:42:11 +02:00
parent 7af50fddfd
commit 6369a06150
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
package/libmad/libmad.hash
View File

@ -1,2 +1,3 @@
# Locally computed:
sha256 bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690 libmad-0.15.1b.tar.gz
sha256 0e21f2c6b19337d0b237dacc04f7b90a56be7f359f4c9a2ee0b202d9af0cfa69 frame_length.diff

2
package/libmad/libmad.mk
View File

@ -10,6 +10,8 @@ LIBMAD_INSTALL_STAGING = YES
LIBMAD_LIBTOOL_PATCH = NO
LIBMAD_LICENSE = GPL-2.0+
LIBMAD_LICENSE_FILES = COPYING
LIBMAD_PATCH = \
https://sources.debian.net/data/main/libm/libmad/0.15.1b-8/debian/patches/frame_length.diff
define LIBMAD_PREVENT_AUTOMAKE
# Prevent automake from running.