taglib: Security fix CVE-2018-11439

CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. References: https://nvd.nist.gov/vuln/detail/CVE-2018-11439 Patch from: https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Yi Zhao <yi.zhao@windriver.com> 2018-09-07 08:22:05 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-09-07 17:48:32 +0100
commit: a300c4917b6c22ef039158be7ae92055c35658d4 (patch)
tree: 05268fb726e130b5137e2f7025c20a80ae83b5ef /meta/recipes-support/taglib/taglib_1.11.1.bb
parent: d2dc07ebc9e38a7936c942b7c89caa67b654c587 (diff)
download: openembedded-core-a300c4917b6c22ef039158be7ae92055c35658d4.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/taglib/taglib_1.11.1.bb b/meta/recipes-support/taglib/taglib_1.11.1.bb
index 50439bc14f..01dcf66d1e 100644
--- a/meta/recipes-support/taglib/taglib_1.11.1.bb
+++ b/meta/recipes-support/taglib/taglib_1.11.1.bb
@@ -10,6 +10,7 @@ DEPENDS = "zlib"
 
 SRC_URI = "http://taglib.github.io/releases/${BP}.tar.gz \
            file://CVE-2017-12678.patch \
+           file://CVE-2018-11439.patch \
           "
 
 SRC_URI[md5sum] = "cee7be0ccfc892fa433d6c837df9522a"
author	Yi Zhao <yi.zhao@windriver.com>	2018-09-07 08:22:05 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-09-07 17:48:32 +0100
commit	a300c4917b6c22ef039158be7ae92055c35658d4 (patch)
tree	05268fb726e130b5137e2f7025c20a80ae83b5ef /meta/recipes-support/taglib/taglib_1.11.1.bb
parent	d2dc07ebc9e38a7936c942b7c89caa67b654c587 (diff)
download	openembedded-core-a300c4917b6c22ef039158be7ae92055c35658d4.tar.gz