diff options
| author |   Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | 2018-07-28 10:20:08 +0530 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-13 10:55:13 +0100 |
| commit | a8e6ce64d4561826f2f5926c2dc67939c95a8626 (patch) | |
| tree | a528494b579eef9a52c220b6dba2d429890d280a | |
| parent | 5bed33fbd29eea9449114186d42b4b2a5e88b32f (diff) | |
| download | openembedded-core-a8e6ce64d4561826f2f5926c2dc67939c95a8626.tar.gz | |
libvorbis: CVE-2018-10392
Sanity check number of channels in setup.
Fixes #2335.
Link: https://gitlab.xiph.org/xiph/vorbis/issues/2335
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch | 29 | ||||
| -rw-r--r-- | meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch new file mode 100644 index 0000000000..f1ef6fb9c7 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch @@ -0,0 +1,29 @@ +From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Thu, 17 May 2018 16:19:19 -0700 +Subject: [PATCH] Sanity check number of channels in setup. + +Fixes #2335. +CVE: CVE-2018-10392 +Upstream-Status: Backport [https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b] + +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + lib/vorbisenc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c +index 4fc7b62..64a51b5 100644 +--- a/lib/vorbisenc.c ++++ b/lib/vorbisenc.c +@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ + highlevel_encode_setup *hi=&ci->hi; + + if(ci==NULL)return(OV_EINVAL); ++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); + if(!hi->impulse_block_p)i0=1; + + /* too low/high an ATH floater is nonsensical, but doesn't break anything */ +-- +2.13.3 + diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb index 1a49e593a6..615b53963b 100644 --- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb +++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb @@ -17,6 +17,7 @@ SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \ file://CVE-2017-14632.patch \ file://CVE-2018-5146.patch \ file://CVE-2017-14160.patch \ + file://CVE-2018-10392.patch \ " SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f" SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1" |