Here are some libvorbis CVE fixes cherry-picked from master. The bugs affect at least rocko, pyro and morty, I haven't checked older stable branches. I don't know in which libvorbis version the bugs were introduced.
These patches apply to morty. I have sent the rocko and pyro patches separately. Tanu Kaskinen (3): libvorbis: CVE-2017-14633 libvorbis: CVE-2017-14632 libvorbis: CVE-2018-5146 .../libvorbis/libvorbis/CVE-2017-14632.patch | 62 +++++++++++++ .../libvorbis/libvorbis/CVE-2017-14633.patch | 42 +++++++++ .../libvorbis/libvorbis/CVE-2018-5146.patch | 100 +++++++++++++++++++++ .../libvorbis/libvorbis_1.3.5.bb | 6 +- 4 files changed, 209 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch create mode 100644 meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch create mode 100644 meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch -- 2.16.2 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
