NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72b8cb6175
kumquat-buildroot/package/mpg123/mpg123.hash
Peter Korsgaard b3a0afd47f mpg123: security bump to version 1.25.1 
>From the release notes:

- Avoid memset(NULL, 0, 0) to calm down the paranoid.

- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
  offset from the frame flag bytes (unnoticed in practice for a long time).
  Fuzzers are in the house again.  This one got CVE-2017-10683.

  https://sourceforge.net/p/mpg123/bugs/252/

- Avoid a mostly harmless conditional jump depending on uninitialised
  fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.

- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
  never right in theory).  Code might be a bit faster now, even.  Thanks to
  Agostino Sarubbo for reporting.

dlopen() is now directly used to load output modules (and the
--with-modules-suffix option has been removed), so adjust the modules logic
to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-03 21:59:51 +02:00

3 lines
144 B
Plaintext
Raw Blame History

# Locally calculated after checking pgp signature
sha256 0fe7270a4071367f97a7c1fb45fb2ef3cfef73509c205124e080ea569217b05f mpg123-1.25.1.tar.bz2
Reference in New Issue View Git Blame Copy Permalink