vorbis-tools: patch CVE-2023-43361 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Peter Marko <peter.marko@siemens.com>	2025-01-17 19:26:43 +0100
committer	Khem Raj <raj.khem@gmail.com>	2025-01-17 11:01:39 -0800
commit	67d94fecb0dbd4f979b09a439c614ee4f01fc0c2 (patch)
tree	4eecf3603f0c2b738840476a7d6fb5775749af0c /meta-python/recipes-devtools/python/python3-python-multipart
parent	103c3392a8b286ae01a1e03bcd44ce36117fc4c8 (diff)
download	meta-openembedded-67d94fecb0dbd4f979b09a439c614ee4f01fc0c2.tar.gz

vorbis-tools: patch CVE-2023-43361

This is inactive project, so no official CVE fix will be available anymore. That however does not mean that there is no fix available. Following tries to prove that patch provided here is valid. NVD CVE report [1] links issue [2] where this is reported. Based on the report, fix was proposed in [3]. There was some review however the patch autor was not active. [4] was later created trying to adddress the comments, but the project was not active anymore. In this PR the patch was shrunk to a one-liner in discussion. I have tested the poc and it is real. The patch fixes it, while not breaking the execution if good file path is provided as argument. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-43361 [2] https://github.com/xiph/vorbis-tools/issues/41 [3] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7 [4] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/8 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-python-multipart')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: