[Buildroot] [PATCH] libvorbis: security bump to version 1.3.6

Peter Korsgaard peter at korsgaard.com
Fri Apr 6 16:54:45 UTC 2018


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.
 > Drop 0001-CVE-2017-14633-Don-t-allow-for-more-than-256-channel.patch and
 > 0002-CVE-2017-14632-vorbis_analysis_header_out-Don-t-clea.patch as they are
 > now upstream, and add a hash for the license file while we're at it.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2018.02.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list