[Buildroot] [PATCH] mpg123: security bump to version 1.25.1

Peter Korsgaard peter at korsgaard.com
Mon Jul 3 20:00:34 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > From the release notes:
 > - Avoid memset(NULL, 0, 0) to calm down the paranoid.

 > - Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
 >   offset from the frame flag bytes (unnoticed in practice for a long time).
 >   Fuzzers are in the house again.  This one got CVE-2017-10683.

 >   https://sourceforge.net/p/mpg123/bugs/252/

 > - Avoid a mostly harmless conditional jump depending on uninitialised
 >   fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.

 > - Fix undefined shifts on signed long mask in layer3.c (worked in practice,
 >   never right in theory).  Code might be a bit faster now, even.  Thanks to
 >   Agostino Sarubbo for reporting.

 > dlopen() is now directly used to load output modules (and the
 > --with-modules-suffix option has been removed), so adjust the modules logic
 > to match.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


