| Message ID | 20231011083951.177891-1-peter@korsgaard.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | package/libcue: security bump to version 2.3.0 | expand |
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issue: > CVE-2023-43641: Out-of-bounds array access in track_set_index > https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj > For more details, see the github writeup: > https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/ > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed, thanks.
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issue: > CVE-2023-43641: Out-of-bounds array access in track_set_index > https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj > For more details, see the github writeup: > https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/ > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed to 2023.02.x and 2023.08.x, thanks.
diff --git a/package/libcue/libcue.hash b/package/libcue/libcue.hash index 93ae2dacdb..47fe906e1a 100644 --- a/package/libcue/libcue.hash +++ b/package/libcue/libcue.hash @@ -1,3 +1,3 @@ # Locally computed: -sha256 f27bc3ebb2e892cd9d32a7bee6d84576a60f955f29f748b9b487b173712f1200 libcue-2.2.1.tar.gz +sha256 cc1b3a65c60bd88b77a1ddd1574042d83cf7cc32b85fe9481c99613359eb7cfe libcue-2.3.0.tar.gz sha256 c388d36583fa54e13b6d73ad924d0b68d073ed8a5771e17cb49104705df4504f LICENSE diff --git a/package/libcue/libcue.mk b/package/libcue/libcue.mk index 3edb4f3b69..7ef27f5a17 100644 --- a/package/libcue/libcue.mk +++ b/package/libcue/libcue.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCUE_VERSION = 2.2.1 +LIBCUE_VERSION = 2.3.0 LIBCUE_SITE = $(call github,lipnitsk,libcue,v$(LIBCUE_VERSION)) LIBCUE_LICENSE = GPL-2.0, BSD-2-Clause (rem.c) LIBCUE_LICENSE_FILES = LICENSE
Fixes the following security issue: CVE-2023-43641: Out-of-bounds array access in track_set_index https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj For more details, see the github writeup: https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/libcue/libcue.hash | 2 +- package/libcue/libcue.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)