Package: flac / 1.3.0-3
Metadata
Package | Version | Patches format |
---|---|---|
flac | 1.3.0-3 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
Revert man Makefile Fail more gracefully.patch | man/Makefile.am: 6 2 + 4 - 0 ! | [patch] revert "man/makefile : fail more gracefully." This reverts commit 023f06f6cbc316127ca1a4fb4178ef344a413bd5. |
0002 Add missing config.h includes.patch | src/libFLAC++/metadata.cpp: 4 4 + 0 - 0 ! | [patch 2/3] add missing config.h includes All C and C++ files must include config.h Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com> |
0003 metaflac Fix local_strcat to terminate string correc.patch | src/metaflac/utils.c: 2 1 + 1 - 0 ! | [patch 3/3] metaflac : fix local_strcat() to terminate string correctly. The NUL char is written at incorrect place when the destination string is longer than 0, which causes memory corruption. It was broken by commit 2d6354ff2a618a79d40edbd4f208b4b07c5422f1. Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com> |
requires flac.patch | src/libFLAC++/flac++.pc.in: 2 1 + 1 - 0 ! | chain::status::as_cstring uses FLAC__Metadata_ChainStatusString which is in libFLAC. Since the function is inline, every program calling this function must also link with -lflac, but this is missing in flac++.pc. Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713645 |
CVE 2014 8962.patch | src/libFLAC/stream_decoder.c: 6 5 + 1 - 0 ! | [patch] src/libflac/stream_decoder.c : fix buffer read overflow. This is CVE-2014-8962. Reported-by: Michele Spagnuolo, Google Security Team <mikispag@google.com> |
CVE 2014 9028.patch | src/libFLAC/stream_decoder.c: 3 2 + 1 - 0 ! | [patch] src/libfacl/stream_decoder.c : fail safely to avoid a heap overflow. A file provided by the reporters caused the stream decoder to write to un-allocated heap space resulting in a segfault. The solution is to error out (by returning false from read_residual_partitioned_rice_()) instead of trying to continue to decode. Fixes: CVE-2014-9028 Reported-by: Michele Spagnuolo, Google Security Team <mikispag@google.com> |
CVE 2014 9028 2.patch | src/libFLAC/stream_decoder.c: 3 2 + 1 - 0 ! | [patch] src/libflac/stream_decoder.c : fail safely to avoid a heap overflow. This fix is closely related to the fix for CVE-2014-9028. When that fix went public Miroslav Lichvar noticed a similar potential problem spot in the same function and was able to craft a file to trigger a heap write overflow. Reported-by : Miroslav Lichvar <mlichvar@redhat.com> |