NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11db258cd6
kumquat-buildroot/package/mp4v2/Config.in
Fabrice Fontaine 0a860f21e1 package/mp4v2: security bump to version 4.1.3 
- Switch site to an active fork
- Send patch upstream
- Update indentation in hash file (two spaces)
- Fix the following CVEs:
  - CVE-2018-14054: A double free exists in the MP4StringProperty class
    in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again
    in the destructor once an exception is triggered.
    Fixed by
    f09cceeee5
  - CVE-2018-14325: In MP4v2 2.0.0, there is an integer underflow (with
    resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
    Fixed by
    e475013c6e
  - CVE-2018-14326: In MP4v2 2.0.0, there is an integer overflow (with
    resultant memory corruption) when resizing MP4Array for the ftyp
    atom in mp4array.h.
    Fixed by
    70d823ccd8
  - CVE-2018-14379: MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0
    incorrectly uses the MP4ItemAtom data type in a certain case where
    MP4DataAtom is required, which allows remote attackers to cause a
    denial of service (memory corruption) or possibly have unspecified
    other impact via a crafted MP4 file, because access to the data
    structure has different expectations about layout as a result of
    this type confusion.
    Fixed by
    73f38b4296
  - CVE-2018-14403: MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0
    mishandles substrings of atom names, leading to use of an
    inappropriate data type for associated atoms. The resulting type
    confusion can cause out-of-bounds memory access.
    Fixed by
    51cb6b36f6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-05-29 22:05:51 +02:00

23 lines
516 B
Plaintext
Raw Blame History

config BR2_PACKAGE_MP4V2
bool "mp4v2"
depends on BR2_INSTALL_LIBSTDCPP
help
The MP4v2 library provides functions to read, create, and
modify mp4 files.
https://github.com/TechSmith/mp4v2/
if BR2_PACKAGE_MP4V2
config BR2_PACKAGE_MP4V2_UTIL
bool "Install mp4 command line tools"
help
Enable to install the mp4 command line tools mp4art,
mp4chaps, mp4extract, mp4info, mp4subtitle, mp4tags, and
mp4trackdump.
endif
comment "mp4v2 needs a toolchain w/ C++"
depends on !BR2_INSTALL_LIBSTDCPP
Reference in New Issue View Git Blame Copy Permalink