git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
pulseaudio: fix CVE-2014-3970
author Shan Hai <shan.hai@windriver.com>
Mon, 28 Jul 2014 05:18:50 +0000 (01:18 -0400)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 29 Jul 2014 08:58:26 +0000 (09:58 +0100)
commit 0685207d43b1bb7ad8be21e14c0f543070c9efcf
tree c66eee58ae44cc42b33ed363440bebdd60425db4
parent c6a57f7f4c8502d8d401db4d872738f680cfc637
pulseaudio: fix CVE-2014-3970

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module
in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of
service (assertion failure and abort) via an empty UDP packet.

Fix it by picking a patch from pulseaudio upstream code.

(From OE-Core rev: f9d7407e54f1fa3d3a316a5bbb8b80665e6f03fd)

Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-multimedia/pulseaudio/pulseaudio/CVE-2014-3970.patch [new file with mode: 0644]
meta/recipes-multimedia/pulseaudio/pulseaudio_5.0.bb
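
The failure mode described in the commit message, as an added C example (not PulseAudio's code or the upstream patch, whose contents this page does not show): a receiver that sizes its read from the pending byte count has to handle a zero-length datagram instead of asserting on it. `recv_datagram`, `demo` and `demo_out` are hypothetical names, and the input is a constructed empty datagram followed by a 3-byte one over a local socket pair.

```c
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical receiver (assumption, not PulseAudio code).
 * Returns payload length, 0 if an empty datagram was dropped, -1 on error. */
ssize_t recv_datagram(int fd, unsigned char *buf, size_t cap) {
    int pending = 0;
    if (ioctl(fd, FIONREAD, &pending) < 0)
        return -1;
    /* Fragile pattern: assert(pending > 0) here. The sender controls the
     * datagram size, so an empty packet would abort the whole process. */
    if (pending <= 0) {
        /* The empty datagram is still queued and keeps the socket readable;
         * consume it so a poll loop does not spin, then report "no data". */
        unsigned char scratch;
        return recv(fd, &scratch, sizeof scratch, 0) < 0 ? -1 : 0;
    }
    /* Never read more than the caller's buffer can hold. */
    size_t want = (size_t)pending < cap ? (size_t)pending : cap;
    return recv(fd, buf, want, 0);
}

ssize_t demo_out[2];

/* Constructed input: one empty datagram, then a 3-byte one, sent over a
 * local AF_UNIX datagram socket pair so the example runs offline. */
int demo(void) {
    int sv[2];
    unsigned char buf[64];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    if (send(sv[0], "", 0, 0) < 0 || send(sv[0], "abc", 3, 0) < 0)
        return -1;
    demo_out[0] = recv_datagram(sv[1], buf, sizeof buf);
    demo_out[1] = recv_datagram(sv[1], buf, sizeof buf);
    close(sv[0]);
    close(sv[1]);
    return 0;
}

int main(void) {
    if (demo() != 0)
        return 1;
    printf("empty: %zd, data: %zd\n", demo_out[0], demo_out[1]);
    return 0;
}
```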