ming-0.4.8-1.fc25

Release 0.4.8 (no ABI or API changes)

* Add PHP7 compatibility
* Fix C++ output of disassembler
* Fix heap overflows in parser.c (CVE-2017-7578)
* Avoid division by zero in listmp3 when no valid frame was found (CVE-2016-9265)
* Don’t try printing unknown block (CVE-2016-9828)
* Parse Protect tag’s Password as string (CVE-2016-9827)
* Check values before deriving malloc parameters from them in parser.c (CVE-2016-9829)
* Make readString() stop reading string past buffer’s end
* Return EOF when reading unsigned values hits end of memory backed buffer
* Exit immediately when unexpected EOF is by fgetc() in utility programs (CVE-2016-9831)
* Fix using EOF marker -1 value as a valid flag byte (CVE-2016-9266)
* Fix division by zero sample rate due to global buffer overflow (CVE-2016-9264, CVE-2016-9265)

Leave a Reply