helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

sox: mark CVE-2019-1010004 as patched

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004

The description mentions that this vulnerability overlaps with CVE-2017-18189,
and Debian's investigation[1] confirms that it is solved by the same commit.

Add the ID to the CVE tag of CVE-2017-18189.patch.

[1]: https://security-tracker.debian.org/tracker/CVE-2019-1010004

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari 2026-01-26 14:05:03 +01:00 committed by Anuj Mittal
parent f81e7c9574
commit 157b2e377d
No known key found for this signature in database
GPG Key ID: 4340AEFE69F5085C
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch
View File

@ -8,7 +8,7 @@ into an infinite loop. Prevent this by sanity checking the channel
count in open_read(). Also add an upper bound to prevent overflow
in multiplication.
CVE: CVE-2017-18189
CVE: CVE-2017-18189 CVE-2019-1010004
Upstream-Status: Backport [https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---