mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-01-01 13:58:06 +00:00
c7d64c7059
This is inactive project, so no official CVE fix will be available
anymore. That however does not mean that there is no fix available.
Following tries to prove that patch provided here is valid.
NVD CVE report [1] links issue [2] where this is reported.
Based on the report, fix was proposed in [3].
There was some review however the patch autor was not active.
[4] was later created trying to adddress the comments, but the project
was not active anymore. In this PR the patch was shrunk to a one-liner
in discussion.
I have tested the poc and it is real.
The patch fixes it, while not breaking the execution if good file path
is provided as argument.
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-43361
[2] https://github.com/xiph/vorbis-tools/issues/41
[3] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
[4] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/8
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit
|
||
|---|---|---|
| contrib | ||
| meta-filesystems | ||
| meta-gnome | ||
| meta-initramfs | ||
| meta-multimedia | ||
| meta-networking | ||
| meta-oe | ||
| meta-perl | ||
| meta-python | ||
| meta-webserver | ||
| meta-xfce | ||
| .gitignore | ||
| COPYING.MIT | ||
| README.md | ||
Collection of layers for the OE-core universe
Main layer maintainer: Armin Kuster akuster808@gmail.com
This repository is a collection of layers to suppliment OE-Core with additional packages, Each layer have designated maintainer Please see the respective READMEs in the layer subdirectories