mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-01-01 13:58:06 +00:00
67d94fecb0
This is inactive project, so no official CVE fix will be available anymore. That however does not mean that there is no fix available. Following tries to prove that patch provided here is valid. NVD CVE report [1] links issue [2] where this is reported. Based on the report, fix was proposed in [3]. There was some review however the patch autor was not active. [4] was later created trying to adddress the comments, but the project was not active anymore. In this PR the patch was shrunk to a one-liner in discussion. I have tested the poc and it is real. The patch fixes it, while not breaking the execution if good file path is provided as argument. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-43361 [2] https://github.com/xiph/vorbis-tools/issues/41 [3] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7 [4] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/8 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> |
||
|---|---|---|
| contrib | ||
| meta-filesystems | ||
| meta-gnome | ||
| meta-initramfs | ||
| meta-multimedia | ||
| meta-networking | ||
| meta-oe | ||
| meta-perl | ||
| meta-python | ||
| meta-webserver | ||
| meta-xfce | ||
| .gitignore | ||
| COPYING.MIT | ||
| README.md | ||
Collection of layers for the OE-core universe
Main layer maintainer: Khem Raj raj.khem@gmail.com
This repository is a collection of layers to suppliment OE-Core with additional packages, Each layer have designated maintainer Please see the respective READMEs in the layer subdirectories