On 08/23/2018 02:47 PM, Richard Purdie wrote:
On Tue, 2018-08-21 at 16:25 +0800, [email protected] wrote:
From: Changqing Li <[email protected]>
Signed-off-by: Changqing Li <[email protected]>
---
.../flac/flac/CVE-2017-6888.patch | 36
++++++++++++++++++++++
meta/recipes-multimedia/flac/flac_1.3.2.bb | 4 ++-
2 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-multimedia/flac/flac/CVE-2017-
6888.patch
diff --git a/meta/recipes-multimedia/flac/flac/CVE-2017-6888.patch
b/meta/recipes-multimedia/flac/flac/CVE-2017-6888.patch
new file mode 100644
index 0000000..0977f30
--- /dev/null
+++ b/meta/recipes-multimedia/flac/flac/CVE-2017-6888.patch
@@ -0,0 +1,36 @@
+From 43ecb6431077ff54e9df27f71737e6e96d6c039f Mon Sep 17 00:00:00
2001
+From: Changqing Li <[email protected]>
+Date: Tue, 21 Aug 2018 14:46:43 +0800
+Subject: [PATCH] From 5f47b63e9c971e6391590caf00a0f2a5ed612e67 Mon
Sep 17
+ 00:00:00 2001 From: Erik de Castro Lopo <[email protected]> Date:
Sat, 8
+ Apr 2017 18:34:49 +1000 Subject: [PATCH] stream_decoder.c: Fix a
memory leak
+
+Leak reported by Secunia Research.
+
+Upstream-Status: Backport[https://git.xiph.org/?p=flac.git;a=commit;
+ h=4f47b63e9c971e6391590caf00a0f2a5ed612e67]
+
+Update patch to version 1.3.2
+
+Signed-off-by: Changqing Li <[email protected]>
This patch is missing a CVE: header.
Please don't resend as I've just tweaked the patch in -next to add it
as I don't want to have to go through another round of testing for it.
Cheers,
Richard
Thanks.
Sandy
--
BRs
Sandy(Li Changqing)
+861084778653
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
