This repository has been archived by the owner on Oct 10, 2023. It is now read-only.
0.337.0
cf-buildpacks-eng released this 21 Nov 17:34 · 32 commits to main since this release
Notably, this release addresses:
USN-5733-1: FLAC vulnerabilities:
- CVE-2017-6888: An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
- CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156076070
- CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
-ii libflac8:amd64 1.3.2-1 amd64 Free Lossless Audio Codec - runtime C library
+ii libflac8:amd64 1.3.2-1ubuntu0.1 amd64 Free Lossless Audio Codec - runtime C library
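Review bot: the libflac8 line moves from 1.3.2-1 to 1.3.2-1ubuntu0.1, but the receipt shows only this one runtime package; it would help to state that the image carries no other binary packages from the flac source (for example a -dev package) still at 1.3.2-1, or to list them here if it does. Consumers can confirm the fix in a rebuilt image by checking that dpkg -l reports 1.3.2-1ubuntu0.1 for libflac8.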