From: Michael Opdenacker <[email protected]> Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.
Signed-off-by: Meenali Gupta <[email protected]> Signed-off-by: Michael Opdenacker <[email protected]> Tested-by: Michael Opdenacker <[email protected]> --- meta/recipes-multimedia/flac/flac_1.3.3.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb b/meta/recipes-multimedia/flac/flac_1.3.3.bb index cb6692aedf..ca04f36d1a 100644 --- a/meta/recipes-multimedia/flac/flac_1.3.3.bb +++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb @@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \ DEPENDS = "libogg" SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \ + file://CVE-2020-22219.patch \ " SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188093): https://lists.openembedded.org/g/openembedded-core/message/188093 Mute This Topic: https://lists.openembedded.org/mt/101518444/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
