Message ID | 20230922102506.1341353-1-michael.opdenacker@bootlin.com |
---|---|
State | Accepted, archived |
Delegated to: | Steve Sakoman |
Series | [dunfell] flac: fix CVE-2020-22219 |
On Fri, Sep 22, 2023 at 12:25 AM Michael Opdenacker via lists.openembedded.org <michael.opdenacker=bootlin.com@lists.openembedded.org> wrote: > > From: Michael Opdenacker <michael.opdenacker@bootlin.com> > > Buffer Overflow vulnerability in function bitwriter_grow_ in flac before > 1.4.0 allows remote attackers to run arbitrary code via crafted input to > the encoder. > > Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> > Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> > Tested-by: Michael Opdenacker <michael.opdenacker@bootlin.com> > > --- > meta/recipes-multimedia/flac/flac_1.3.3.bb | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb b/meta/recipes-multimedia/flac/flac_1.3.3.bb > index cb6692aedf..ca04f36d1a 100644 > --- a/meta/recipes-multimedia/flac/flac_1.3.3.bb > +++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb > @@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \ > DEPENDS = "libogg" > > SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \ > + file://CVE-2020-22219.patch \ You'll need to add the patch file to the commit too :-) Steve > " > > SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69" > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#188093): https://lists.openembedded.org/g/openembedded-core/message/188093 > Mute This Topic: https://lists.openembedded.org/mt/101518444/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb b/meta/recipes-multimedia/flac/flac_1.3.3.bb index cb6692aedf..ca04f36d1a 100644 --- a/meta/recipes-multimedia/flac/flac_1.3.3.bb +++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb @@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \ DEPENDS = "libogg" SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \ + file://CVE-2020-22219.patch \ " SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69"
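Review bot: The added SRC_URI entry `file://CVE-2020-22219.patch` refers to a file that this commit does not contain: the diff touches only flac_1.3.3.bb (1 file changed, 1 insertion). As posted, the recipe has no local file to resolve that entry against, so the bitwriter_grow_ fix named in the commit message is never applied to the 1.3.3 sources. Add CVE-2020-22219.patch itself to the same commit, in the recipe's files directory alongside flac_1.3.3.bb, and resend so the recipe change and the patch land together.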