fix CVE-2009-3379
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libvorbis?expand=0&rev=11
This commit is contained in:
Git OBS Bridge
parent
2b7f20975e
commit
9de32d4bab
15
libvorbis-r16326-CVE-2009-3379.diff
Normal file
15
libvorbis-r16326-CVE-2009-3379.diff
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
lib/backends.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/lib/backends.h
|
||||
+++ b/lib/backends.h
|
||||
@@ -111,7 +111,7 @@
|
||||
int partitions; /* possible codebooks for a partition */
|
||||
int groupbook; /* huffbook for partitioning */
|
||||
int secondstages[64]; /* expanded out to pointers in lookup */
|
||||
- int booklist[256]; /* list of second stage books */
|
||||
+ int booklist[512]; /* list of second stage books */
|
||||
|
||||
const float classmetric1[64];
|
||||
const float classmetric2[64];
|
||||
14
libvorbis-r16597-CVE-2009-3379.diff
Normal file
14
libvorbis-r16597-CVE-2009-3379.diff
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
lib/codebook.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
--- a/lib/codebook.c
|
||||
+++ b/lib/codebook.c
|
||||
@@ -198,6 +198,7 @@
|
||||
for(i=0;i<s->entries;){
|
||||
long num=oggpack_read(opb,_ilog(s->entries-i));
|
||||
if(num==-1)goto _eofout;
|
||||
+ if(length>32)goto _errout;
|
||||
for(j=0;j<num && i<s->entries;j++,i++)
|
||||
s->lengthlist[i]=length;
|
||||
length++;
|
||||
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed May 26 15:03:32 CEST 2010 - tiwai@suse.de
|
||||
|
||||
- VUL-0: libvorbis: memory corruption while parsing ogg files
|
||||
(bnc#608192, CVE-2009-3379)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 16 10:17:40 CET 2009 - jengelh@medozas.de
|
||||
|
||||
|
||||
@ -40,6 +40,8 @@ Patch3: libvorbis-automake-fix.diff
|
||||
# Patch5: libvorbis-%{version}-aotuv-b5.7.diff
|
||||
Patch9: libvorbis-doc-fixes.diff
|
||||
Patch10: libvorbis-pkgconfig.patch
|
||||
Patch11: libvorbis-r16326-CVE-2009-3379.diff
|
||||
Patch12: libvorbis-r16597-CVE-2009-3379.diff
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -106,6 +108,8 @@ Authors:
|
||||
# %patch5 -p1
|
||||
%patch9
|
||||
%patch10
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
if [ "%_lib" == "lib64" ]; then
|
||||
%patch1
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user