jeans/motioneyeos
jeans/motioneyeos
1
0
Fork 0
mirror of https://github.com/motioneye-project/motioneyeos.git synced 2025-07-27 21:26:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

package/libvorbis: annote CVE-2018-10393

Browse Source 
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a
stack-based buffer over-read.

Same patch as for CVE-2017-14160

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - update 0001-*.patch to also reference CVE-2018-10393
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Fabrice Fontaine 2020-03-01 19:02:26 +01:00 committed by Yann E. MORIN
parent 3321eef6f2
commit e21730db5c
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
package/libvorbis/0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch
View File

@ -4,11 +4,14 @@ Subject: CVE-2017-14160: fix bounds check on very low sample rates.
X-Git-Url: https://git.xiph.org/?p=vorbis.git;a=commitdiff_plain;h=018ca26dece618457dd13585cad52941193c4a25 X-Git-Url: https://git.xiph.org/?p=vorbis.git;a=commitdiff_plain;h=018ca26dece618457dd13585cad52941193c4a25
CVE-2017-14160: fix bounds check on very low sample rates. CVE-2017-14160: fix bounds check on very low sample rates.
CVE-2018-10393: Out-of-bounds Read
Downloaded from upstream commit Downloaded from upstream commit
https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=018ca26dece618457dd13585cad52941193c4a25 https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=018ca26dece618457dd13585cad52941193c4a25
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: also fixes CVE-2018-10393]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
--- ---
diff --git a/lib/psy.c b/lib/psy.c diff --git a/lib/psy.c b/lib/psy.c

3
package/libvorbis/libvorbis.mk
View File

@ -13,6 +13,9 @@ LIBVORBIS_DEPENDENCIES = host-pkgconf libogg
LIBVORBIS_LICENSE = BSD-3-Clause LIBVORBIS_LICENSE = BSD-3-Clause
LIBVORBIS_LICENSE_FILES = COPYING LIBVORBIS_LICENSE_FILES = COPYING
# 0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch
LIBVORBIS_IGNORE_CVES += CVE-2018-10393
# 0002-Sanity-check-number-of-channels-in-setup.patch # 0002-Sanity-check-number-of-channels-in-setup.patch
LIBVORBIS_IGNORE_CVES += CVE-2018-10392 LIBVORBIS_IGNORE_CVES += CVE-2018-10392