git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Li Wang <li.wang@windriver.com>
	Fri, 25 Mar 2022 20:48:41 +0000 (13:48 -0700)
committer	Anuj Mittal <anuj.mittal@intel.com>
	Wed, 30 Mar 2022 14:15:41 +0000 (22:15 +0800)
commit	76d5c8d876f78d86e755c12360d41e40154eca0b
tree	1bd4c3655c6445a456c4d9288137fcdf045028cd	tree \| snapshot
parent	03c3af8bcd0a7059ae37e6e633d9c94310ebdc16	commit \| diff

flac: fix CVE-2021-0561

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is
a possible out of bounds write due to a missing bounds check. This
could lead to local information disclosure with no additional
execution privileges needed. User interaction is not needed for
exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-0561

Upstream patches:
https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

meta/recipes-multimedia/flac/flac/CVE-2021-0561.patch	[new file with mode: 0644]	blob
meta/recipes-multimedia/flac/flac_1.3.3.bb		diff \| blob \| blame \| history