meta-openembedded/meta-multimedia
Peter Marko c7d64c7059 vorbis-tools: patch CVE-2023-43361
This is an inactive project, so no official CVE fix will be available
anymore. That however does not mean that there is no fix available.
The following tries to prove that the patch provided here is valid.

NVD CVE report [1] links issue [2] where this is reported.
Based on the report, fix was proposed in [3].
There was some review; however, the patch author was not active.
[4] was later created trying to address the comments, but the project
was not active anymore. In this PR the patch was shrunk to a one-liner
in discussion.

I have tested the poc and it is real.
The patch fixes it, while not breaking the execution if a good file path
is provided as an argument.

[1] https://nvd.nist.gov/vuln/detail/CVE-2023-43361
[2] https://github.com/xiph/vorbis-tools/issues/41
[3] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
[4] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/8

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 67d94fecb0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
classes Convert to new override syntax 2021-08-03 10:21:25 -07:00
conf layers: stop declaring compatibility with scarthgap 2024-05-28 09:34:02 -07:00
files Add static-passwd and static-group files 2023-10-10 08:51:47 -07:00
licenses Alliance for Open Media: new library 2020-10-06 08:45:24 -07:00
recipes-connectivity rygel: update 0.42.5 -> 0.44.0 2024-09-15 17:54:16 -07:00
recipes-dvb oscam: Upgrade to 1.20 2024-05-23 16:17:12 -07:00
recipes-mkv libebml: upgrade 1.4.4 -> 1.4.5 2024-01-19 09:51:05 -08:00
recipes-multimedia vorbis-tools: patch CVE-2023-43361 2025-02-04 14:29:37 -08:00
recipes-support xdg-desktop-portal-wlr: Update to latest on master branch 2024-09-03 22:33:20 -07:00
COPYING.MIT meta-multimedia: initial add 2012-02-24 13:53:17 +01:00
README.md meta-openemnedded: Add myself as styhead maintainer 2024-09-29 13:58:53 -07:00

This layer depends on:

URI: git://git.openembedded.org/openembedded-core branch: styhead

URI: git://git.openembedded.org/meta-openembedded layers: meta-oe branch: styhead

Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia][styhead]' in the subject

When sending single patches, please use something like: git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][styhead][PATCH'

You are encouraged to fork the mirror on GitHub https://github.com/openembedded/meta-openembedded to share your patches; this is preferred for patch sets consisting of more than one patch. Other services like GitLab, repo.or.cz or self-hosted setups are of course accepted as well; 'git fetch ' works the same on all of them. We recommend GitHub because it is free, easy to use, has been proven to be reliable and has a really good web GUI.

Layer maintainer: Armin Kuster akuster808@gmail.com