[mpg123-devel] mpg123 1.25.11 released
From: Thomas O. <tho...@or...> - 2019-07-18 06:09:01
Hi folks,

the OSS-Fuzz project integrated mpg123 and thus came a bunch of bugs they found. Please update to the current mpg123 1.25.11 to get rid of them.

1.25.11
-------
So, here is a number of bugs found by OSS-Fuzz. Credit to OSS-Fuzz for the bunch, then.
- libmpg123:
-- Fix out-of-bounds reads in ID3 parser for unsynced frames. (oss-fuzz-bug 15852)
-- Fix out-of-bounds read for RVA2 frames with non-delimited identifier. (oss-fuzz-bug 15852)
-- Fix implementation-defined parsing of RVA2 values. (oss-fuzz-bug 15862)
-- Fix undefined parsing of APE header for skipping. Also prevent endless loop on premature end of supposed APE header. (oss-fuzz-bug 15864)
-- Fix some syntax to make pedantic compiler happy.

Alrighty then,

Thomas

PS: I got no CVEs for these. If downstream distros would like to have some, they are free to allocate numbers. Please tell me in that case, so that I can at least post them to the mpg123 website.
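The two RVA2 items in the changelog above name bug classes that are easy to show in isolation. The following is an added example, not mpg123's code: a bounds-checked parser for the first channel entry of an ID3v2.4 RVA2 frame body that rejects an identifier with no terminator inside the frame and decodes the signed 16-bit adjustment without implementation-defined conversions. The struct, the function names and the sample frame are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* First channel entry of an RVA2 frame (struct and names are hypothetical). */
struct rva2_entry {
    size_t  id_len;      /* identification string length, without the NUL */
    uint8_t channel;     /* channel type byte */
    int32_t adjust_512;  /* volume adjustment in 1/512 dB units */
};

/* Decode big-endian two's-complement 16 bit arithmetically, so no
   out-of-range value is ever converted to a signed type. */
static int32_t be16_signed(const uint8_t *p)
{
    uint32_t u = ((uint32_t)p[0] << 8) | p[1];
    return (u & 0x8000u) ? (int32_t)u - 65536 : (int32_t)u;
}

/* Returns 0 on success, -1 if the frame body is malformed or truncated. */
int rva2_parse(const uint8_t *body, size_t len, struct rva2_entry *out)
{
    if (body == NULL || len == 0) return -1;
    /* Bounded search: the terminator must lie inside the frame. */
    const uint8_t *nul = memchr(body, 0, len);
    if (nul == NULL) return -1;              /* non-delimited identifier */
    size_t pos = (size_t)(nul - body) + 1;   /* pos <= len holds here */
    /* Need channel type (1) + adjustment (2) + peak bit count (1). */
    if (len - pos < 4) return -1;
    uint8_t peak_bits = body[pos + 3];
    if (len - (pos + 4) < ((size_t)peak_bits + 7) / 8) return -1;
    out->id_len = pos - 1;
    out->channel = body[pos];
    out->adjust_512 = be16_signed(body + pos + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample: "track", NUL, channel 1, -0.5 dB, no peak. */
    static const uint8_t frame[] = { 't','r','a','c','k',0, 0x01, 0xFF,0x00, 0x00 };
    struct rva2_entry e;
    if (rva2_parse(frame, sizeof frame, &e) == 0)
        printf("id_len=%zu channel=%u adjust=%.3f dB\n",
               e.id_len, (unsigned)e.channel, e.adjust_512 / 512.0);
    return 0;
}
```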