Overview

Request 148342 accepted

Fix a minor security issue. This fix is in version 1.0.2; however, since we are in freeze, I cherry-picked this fix from upstream git.

From commit https://git.xiph.org/?p=opus.git;a=commit;h=9345aaa5ca1c2fb7d62981b2a538e0ce20612c38

Fixes an out-of-bounds read issue with the padding handling code

This was reported by Juri Aedla and is limited to reading memory up
to about 60 kB beyond the compressed buffer. This can only be triggered
by a compressed packet more than about 16 MB long, so it's not a problem
for RTP. In theory, it *could* crash an Ogg decoder if the memory just after
the incoming packet is out-of-range.
(forwarded request 148337 from Zaitor)

Request History
namtrac created request


licensedigger accepted review

{"approve": "license and version number unchanged: 1.0.1"}


factory-auto added a reviewer

Please review sources


factory-auto accepted review

Builds for repo openSUSE_Factory


lrupp approved review


lrupp accepted review


coolo accepted request

checkin
