summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/taglib/taglib
AgeCommit message (Collapse)Author
2021-03-06taglib: upgrade 1.11.1 -> 1.12Wang Mingyu
CVE-2017-12678.patch CVE-2018-11439.patch removed since they are included in 1.12 Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-07taglib: Security fix CVE-2018-11439Yi Zhao
CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. References: https://nvd.nist.gov/vuln/detail/CVE-2018-11439 Patch from: https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-08-25taglib: Security fix CVE-2017-12678Yi Zhao
CVE-2017-12678: In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12678 Patch from: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-23 15:20:11 +0000