This repository has been archived by the owner on Oct 10, 2023. It is now read-only.

0.337.0

@cf-buildpacks-eng cf-buildpacks-eng released this 21 Nov 17:34
· 32 commits to main since this release

Notably, this release addresses:

USN-5733-1: FLAC vulnerabilities:

  • CVE-2017-6888: An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
  • CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156076070
  • CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
-ii  libflac8:amd64  1.3.2-1          amd64  Free Lossless Audio Codec - runtime C library
+ii  libflac8:amd64  1.3.2-1ubuntu0.1 amd64  Free Lossless Audio Codec - runtime C library