| Message ID | 20260126130506.82699-9-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-multimedia,scarthgap,01/11] sox: patch CVE-2017-11332 | expand |
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch index 3ca829b230..20af7cdada 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch @@ -8,7 +8,7 @@ into an infinite loop. Prevent this by sanity checking the channel count in open_read(). Also add an upper bound to prevent overflow in multiplication. -CVE: CVE-2017-18189 +CVE: CVE-2017-18189 CVE-2019-1010004 Upstream-Status: Backport [https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53] Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> ---
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004 The description mentions that this vulnerability overlaps with CVE-2017-18189, and Debian's investigation[1] confirms that it is solved by the same commit. Add the ID to the CVE tag of CVE-2017-18189.patch. [1]: https://security-tracker.debian.org/tracker/CVE-2019-1010004 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-18189.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)