[Buildroot] [PATCH] lame: security bump to version 3.100
Peter Korsgaard
peter at korsgaard.com
Sun Oct 22 22:49:38 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based
> buffer over-read and ap
> CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid
> memory read and application crash
> CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid
> memory read and application crash
> Drop patches now upstream or no longer needed:
> 0001-configure.patch: Upstream as mentioned in patch description
> 0002-gtk1-ac-directives.patch: Upstream as mentioned in patch
> description/release notes:
> Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
> This was transplanted back from aclocal.m4 with a patch provided by Andres
> Mejia. This change makes it easy to regenerate autotools' files with a simple
> invocation of autoconf -vfi.
> 0003-msse.patch: Not needed as -march <x86-variant-with-msse-support>
> nowadays implies -msse.
> With these removed, autoreconf is no longer needed.
> Also add a hash for the license file while we're at it.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list