diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-05-04 12:02:00 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-05-04 12:02:00 +0100 |
commit | eab5731cdf11d4ae8cdf111461d46fd96c5bdd37 (patch) | |
tree | ce35c6d01b5ff5de95c3a20fef853b9a6518ad2e /media-libs/libsoundtouch/files | |
parent | b7ebc951da8800f711142f69d9d958bde67a112d (diff) |
gentoo resync : 04.05.2019
Diffstat (limited to 'media-libs/libsoundtouch/files')
-rw-r--r-- | media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch b/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch deleted file mode 100644 index 0e475a3e44e6..000000000000 --- a/media-libs/libsoundtouch/files/libsoundtouch-2.0.0-CVE-2017-92xx.patch +++ /dev/null @@ -1,36 +0,0 @@ -Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
- Based on an upstream commit, original commit message was: "Added sanity
- checks against illegal input audio stream parameters e.g. wildly excessive
- samplerate".
- .
- There is no reference to CVEs or bugs, the commit was made after disclosure
- of the CVEs and all three proofs of concept (crafted wav files) fail after
- this commit.
- .
- The commit was made after version 2.0.0, so that version is also vulnerable.
- .
- Unrelated changes were stripped away by patch author, upstream commit author
- is Olli Parviainen <oparviai@iki.fi>.
-Author: Gabor Karsay <gabor.karsay@gmx.at>
-Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/source/SoundTouch/TDStretch.cpp -+++ b/source/SoundTouch/TDStretch.cpp -@@ -128,7 +128,12 @@ - int aSeekWindowMS, int aOverlapMS)
- {
- // accept only positive parameter values - if zero or negative, use old values instead
-- if (aSampleRate > 0) this->sampleRate = aSampleRate;
-+ if (aSampleRate > 0)
-+ {
-+ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");
-+ this->sampleRate = aSampleRate;
-+ }
-+
- if (aOverlapMS > 0) this->overlapMs = aOverlapMS;
-
- if (aSequenceMS > 0)
|