Age | Commit message (Collapse) | Author |
|
CVE-2017-12678.patch
CVE-2018-11439.patch
removed since they are included in 1.12
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in
oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause
information disclosure (heap-based buffer over-read) via a crafted audio
file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-11439
Patch from:
https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2017-12678: In TagLib 1.11.1, the rebuildAggregateFrames function in
id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-12678
Patch from:
https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|