[Buildroot] [PATCH] lame: security bump to version 3.100

Peter Korsgaard peter at korsgaard.com
Sun Oct 22 22:49:38 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based
 > buffer over-read and ap

 > CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid
 > memory read and application crash

 > CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid
 > memory read and application crash

 > Drop patches now upstream or no longer needed:

 > 0001-configure.patch: Upstream as mentioned in patch description

 > 0002-gtk1-ac-directives.patch: Upstream as mentioned in patch
 > description/release notes:

 > Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
 > This was transplanted back from aclocal.m4 with a patch provided by Andres
 > Mejia. This change makes it easy to regenerate autotools' files with a simple
 > invocation of autoconf -vfi.

 > 0003-msse.patch: Not needed as -march <x86-variant-with-msse-support>
 > nowadays implies -msse.

 > With these removed, autoreconf is no longer needed.

 > Also add a hash for the license file while we're at it.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.08.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list