Commit Graph

4 Commits

Author SHA1 Message Date
Peter Korsgaard
c363e070d8 libsndfile: security bump to version 1.0.28
Fixes:

CVE-2017-7585 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7586 - In libsndfile before 1.0.28, an error in the "header_read()"
function (common.c) when handling ID3 tags can be exploited to cause a
stack-based buffer overflow via a specially crafted FLAC file.

CVE-2017-7741 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with write memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

CVE-2017-7742 - In libsndfile before 1.0.28, an error in the
"flac_buffer_copy()" function (flac.c) can be exploited to cause a
segmentation violation (with read memory access) via a specially crafted
FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

Dop undocumented patch adjusting SUBDIRS in Makefile.in as it no longer
applies.  Instead pass --disable-full-suite to disable man pages,
documentation and programs, as that was presumably the reason for the patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-27 10:15:05 +02:00
Bernd Kuhls
e7a82e9653 package/libsndfile: bump version to 1.0.27
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-07 11:48:50 +02:00
Gustavo Zacarias
860894e8d7 libsndfile: security bump to version 1.0.26
Fixes:
CVE-2014-9496 - SD2 buffer read overflow.
CVE-2014-9756 - file_io.c divide by zero.
CVE-2015-7805 - AIIF heap write overflow.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-15 21:36:02 +01:00
Gustavo Zacarias
5d30841f86 libsndfile: add hash file
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2015-07-16 22:36:36 +02:00