diff options
author | 2008-05-17 10:51:30 +0000 | |
---|---|---|
committer | 2008-05-17 10:51:30 +0000 | |
commit | 405e03eb07d820b5acfa75d0d85757b3ad32f9c6 (patch) | |
tree | 3cc5bf40b659e6c3a1255b138f0cf9e80c088aaa /media-libs/libvorbis/files | |
parent | fix ChangeLog header (diff) | |
download | gentoo-2-405e03eb07d820b5acfa75d0d85757b3ad32f9c6.tar.gz gentoo-2-405e03eb07d820b5acfa75d0d85757b3ad32f9c6.tar.bz2 gentoo-2-405e03eb07d820b5acfa75d0d85757b3ad32f9c6.zip |
Add fixes for various security issues, bug #222085
(Portage version: 2.1.5)
Diffstat (limited to 'media-libs/libvorbis/files')
3 files changed, 64 insertions, 0 deletions
diff --git a/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch new file mode 100644 index 000000000000..34d8c520c561 --- /dev/null +++ b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1419.patch @@ -0,0 +1,15 @@ +https://trac.xiph.org/changeset/14602
+https://bugzilla.redhat.com/show_bug.cgi?id=440700
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1419
+
+Index: /trunk/vorbis/lib/codebook.c
+===================================================================
+--- /trunk/vorbis/lib/codebook.c (revision 13293)
++++ /trunk/vorbis/lib/codebook.c (revision 14602)
+@@ -226,5 +226,5 @@
+ switch(s->maptype){
+ case 1:
+- quantvals=_book_maptype1_quantvals(s);
++ quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ break;
+ case 2:
diff --git a/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch new file mode 100644 index 000000000000..a0405e5246e2 --- /dev/null +++ b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1420.patch @@ -0,0 +1,34 @@ +http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1420
+https://bugzilla.redhat.com/show_bug.cgi?id=440706
+https://trac.xiph.org/changeset/14598
+
+Index: /trunk/vorbis/lib/res0.c
+===================================================================
+--- /trunk/vorbis/lib/res0.c (revision 13578)
++++ /trunk/vorbis/lib/res0.c (revision 14598)
+@@ -224,4 +224,18 @@
+ if(info->booklist[j]>=ci->books)goto errout;
+
++ /* verify the phrasebook is not specifying an impossible or
++ inconsistent partitioning scheme. */
++ {
++ int entries = ci->book_param[info->groupbook]->entries;
++ int dim = ci->book_param[info->groupbook]->dim;
++ int partvals = 1;
++ while(dim>0){
++ partvals *= info->partitions;
++ if(partvals > entries) goto errout;
++ dim--;
++ }
++ if(partvals != entries) goto errout;
++ }
++
+ return(info);
+ errout:
+@@ -264,5 +278,5 @@
+ }
+
+- look->partvals=rint(pow((float)look->parts,(float)dim));
++ look->partvals=look->phrasebook->entries;
+ look->stages=maxstage;
+ look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
diff --git a/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch new file mode 100644 index 000000000000..d0e79b4dce10 --- /dev/null +++ b/media-libs/libvorbis/files/libvorbis-1.2.0-CVE-2008-1423.patch @@ -0,0 +1,15 @@ +http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1423
+https://bugzilla.redhat.com/show_bug.cgi?id=440709
+https://trac.xiph.org/changeset/14604
+
+Index: /trunk/vorbis/lib/codebook.c
+===================================================================
+--- /trunk/vorbis/lib/codebook.c (revision 14602)
++++ /trunk/vorbis/lib/codebook.c (revision 14604)
+@@ -159,4 +159,6 @@
+ s->entries=oggpack_read(opb,24);
+ if(s->entries==-1)goto _eofout;
++
++ if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
+
+ /* codeword ordering.... length ordered or unordered? */
|