cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-30 15:38:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

libvorbis: add patch for CVE-2017-14632 and CVE-2017-14633

Browse Source 
Signed-off-by: Ted Hess <thess@kitschensync.net>
This commit is contained in:
Ted Hess
2018-02-10 09:34:54 -05:00
parent d305f1144d
commit 287cb874c2
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libs/libvorbis/Makefile
+1 -3
View File
@@ -1,6 +1,4 @@
# #
# Copyright (C) 2008-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
# #
@@ -9,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=libvorbis PKG_NAME:=libvorbis
PKG_VERSION:=1.3.5 PKG_VERSION:=1.3.5
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://downloads.xiph.org/releases/vorbis/ PKG_SOURCE_URL:=http://downloads.xiph.org/releases/vorbis/
libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch
+12
View File
@@ -0,0 +1,12 @@
--- a/lib/info.c
+++ b/lib/info.c
@@ -583,7 +583,8 @@ int vorbis_analysis_headerout(vorbis_dsp
oggpack_buffer opb;
private_state *b=v->backend_state;
- if(!b||vi->channels<=0){
+ if(!b||vi->channels<=0||vi->channels>255){
+ b = NULL;
ret=OV_EFAULT;
goto err_out;
}