changelog: add missing CVE identifiers and entries
+ add missing "fix crash with unsupported MP4 files" entry.
+ add missing CVE identifiers
+ refer to the "root" issue when describing security issues. In this
case refering to the consequence (stack buffer overflow, NULL pointer
dereference, etc.) makes less sense since there are numerous
duplicates for each issue.
Hugo Lefeuvre authored 4 years ago
Hugo Lefeuvre committed 4 years ago
20 | 20 | * ignoring .user files from Visual Studio |
21 | 21 | |
22 | 22 | [ Hugo Lefeuvre ] |
23 | * CVE-2019-6956: Buffer over read in the function ps_mix_phase() | |
24 | (libfaad/ps_dec.c) (Closes: #914641). | |
25 | * CVE-2018-20196: Stack buffer overflow in the function calculate_gain | |
26 | (libfaad/sbr_hfadj.c). | |
27 | * CVE-2018-20199, CVE-2018-20360: NULL pointer dereference in the function | |
28 | ifilter_bank (libfaad/filtbank.c). | |
29 | * CVE-2018-20362: NULL pointer dereference vulnerability in the function | |
30 | ifilter_bank (libfaad/filtbank.c:275). | |
31 | * CVE-2018-20194: Stack buffer underflow in function | |
32 | calculate_gain(libfaad/sbr_hfadj.c:1314). | |
23 | * Fix crash with unsupported MP4 files (NULL pointer dereference, | |
24 | division by zero) | |
25 | * CVE-2019-6956: ps_dec: sanitize iid_index before mixing | |
26 | * CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M) | |
27 | * CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected | |
28 | parametric stereo (PS) | |
29 | * CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198, | |
30 | CVE-2018-20358: syntax.c: check for syntax element inconsistencies | |
31 | * CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357, | |
32 | CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band | |
33 | borders | |
33 | 34 | |
34 | 35 | [ Hugo Beauzée-Luyssen ] |
35 | * Fix a couple buffer overflows | |
36 | * CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows | |
36 | 37 | |
37 | 38 | [ Filip Roséen ] |
38 | 39 | * Add patch to prevent crash on SCE followed by CPE |