libid3tag

rpm/libid3tag

SHA256

Fork 0

forked from pool/libid3tag

Commit Graph

Author	SHA256	Message	Date
Tomáš Chvátal	8395e40781	Accepting request 578693 from home:kbabioch:branches:multimedia:libs - Added libid3tag-utf16.patch: Fixed id3_utf16_deserialize() in utf16.c, which previously misparsed ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until OOM leading to DoS. (CVE-2004-2779 bsc#1081959 CVE-2017-11551 bsc#1081961) - Added libid3tag-unknown-encoding.patch: Fixed the handling of unknown encodings when parsing ID3 tags. (CVE-2017-11550 bsc#1081962 CVE-2008-2109 bsc#387731) - Removed libid3tag-0.15.1b-fix_overflow.patch, since it is handled differently by libid3tag-utf16.patch already. OBS-URL: https://build.opensuse.org/request/show/578693 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libid3tag?expand=0&rev=18	2018-02-21 13:18:47 +00:00

Author

SHA256

Message

Date

Tomáš Chvátal

8395e40781

Accepting request 578693 from home:kbabioch:branches:multimedia:libs

- Added libid3tag-utf16.patch: Fixed id3_utf16_deserialize() in utf16.c,
  which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
  number of bytes, triggering an endless loop allocating memory until
  OOM leading to DoS. (CVE-2004-2779 bsc#1081959 CVE-2017-11551
  bsc#1081961)
- Added libid3tag-unknown-encoding.patch: Fixed the handling of unknown
  encodings when parsing ID3 tags. (CVE-2017-11550 bsc#1081962
  CVE-2008-2109 bsc#387731)
- Removed libid3tag-0.15.1b-fix_overflow.patch, since it is handled
  differently by libid3tag-utf16.patch already.

OBS-URL: https://build.opensuse.org/request/show/578693
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libid3tag?expand=0&rev=18

2018-02-21 13:18:47 +00:00

1 Commits