On Fri, Sep 22, 2023 at 12:25 AM Michael Opdenacker via lists.openembedded.org <michael.opdenacker=bootlin....@lists.openembedded.org> wrote: > > From: Michael Opdenacker <michael.opdenac...@bootlin.com> > > Buffer Overflow vulnerability in function bitwriter_grow_ in flac before > 1.4.0 allows remote attackers to run arbitrary code via crafted input to > the encoder. > > Signed-off-by: Meenali Gupta <meenali.gu...@windriver.com> > Signed-off-by: Michael Opdenacker <michael.opdenac...@bootlin.com> > Tested-by: Michael Opdenacker <michael.opdenac...@bootlin.com> > > --- > meta/recipes-multimedia/flac/flac_1.3.3.bb | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb > b/meta/recipes-multimedia/flac/flac_1.3.3.bb > index cb6692aedf..ca04f36d1a 100644 > --- a/meta/recipes-multimedia/flac/flac_1.3.3.bb > +++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb > @@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = > "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \ > DEPENDS = "libogg" > > SRC_URI = "http://downloads.xiph.org/releases/flac/${BP}.tar.xz \ > + file://CVE-2020-22219.patch \
You'll need to add the patch file to the commit too :-) Steve > " > > SRC_URI[md5sum] = "26703ed2858c1fc9ffc05136d13daa69" > -- > 2.34.1 > > > >
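Review bot: The added `file://CVE-2020-22219.patch \` entry in SRC_URI refers to a file that this commit does not contain. The diffstat lists only `meta/recipes-multimedia/flac/flac_1.3.3.bb` with 1 insertion, so the recipe would reference a local patch that is not in the tree, and the fix for the bitwriter_grow_ overflow described in the commit message would not be applied. Include the CVE-2020-22219.patch file itself in the same commit, where the recipe's file:// entries are resolved, and resend so that the diffstat shows both the recipe change and the new patch file.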