aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2020-10-20 15:30:58 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2020-10-20 14:29:32 +0000
commit573e07da91784d4d27c4bc8b9e9122495c7356d3 (patch)
treea2ee8b2181f7ff9959ee9c7925d7f1e438fae75d
parent98e86a12b0d01c3f4583695faf86081e4eaafeb7 (diff)
main/libvorbis: fix secfixes comment for CVE-2018-10393
Upstream claimed[1] that CVE-2018-10393 is a duplicate of CVE-2017-14160 but added follow up patch[2]. We applied this patch in 1.3.6-r2. [1]: https://gitlab.xiph.org/xiph/vorbis/-/issues/2334#note_52200 [2]: https://gitlab.xiph.org/xiph/vorbis/-/commit/a9eb99a5bd6f2d7da02d6cd13a428baf3a1bf48c ref #11914
-rw-r--r--main/libvorbis/APKBUILD3
1 files changed, 2 insertions, 1 deletions
diff --git a/main/libvorbis/APKBUILD b/main/libvorbis/APKBUILD
index f10ab42c777..05c08d84594 100644
--- a/main/libvorbis/APKBUILD
+++ b/main/libvorbis/APKBUILD
@@ -11,6 +11,8 @@ makedepends="libogg-dev"
source="https://downloads.xiph.org/releases/vorbis/libvorbis-$pkgver.tar.xz"
# secfixes:
+# 1.3.6-r2:
+# - CVE-2018-10393
# 1.3.6-r1:
# - CVE-2018-10392
# 1.3.6-r0:
@@ -20,7 +22,6 @@ source="https://downloads.xiph.org/releases/vorbis/libvorbis-$pkgver.tar.xz"
# - CVE-2017-14633
# 1.3.5-r3:
# - CVE-2017-14160
-# - CVE-2018-10393
build() {
./configure \