Details: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004
The description mentions that this vulnerability overlaps with CVE-2017-18189, and Debian's investigation[1] confirms that it is solved by the same commit. Add the ID to the CVE tag of CVE-2017-18189.patch. [1]: https://security-tracker.debian.org/tracker/CVE-2019-1010004 Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch index 3ca829b230..20af7cdada 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch @@ -8,7 +8,7 @@ into an infinite loop. Prevent this by sanity checking the channel count in open_read(). Also add an upper bound to prevent overflow in multiplication. -CVE: CVE-2017-18189 +CVE: CVE-2017-18189 CVE-2019-1010004 Upstream-Status: Backport [https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53] Signed-off-by: Gyorgy Sarvari <[email protected]> ---
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123886): https://lists.openembedded.org/g/openembedded-devel/message/123886 Mute This Topic: https://lists.openembedded.org/mt/117467447/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
