tag name | v1.1.4 (6e929f15a4272818bef320118f659570d350a616) |
tag date | 2017-01-20 16:08:01 -0500 |
tagged by | Jean-Marc Valin <jmvalin@jmvalin.ca> |
tagged object | commit 901c24328d... |
download | opus-1.1.4.tar.gz |
---|
Opus release 1.1.4
This release fixes a single bug. A specially-crafted Opus packet could cause
an integer wrap-around in the SILK LSF stabilization code. This would cause
an out-of-bounds read 256 bytes before a constant table. In most circumstances,
the consequences are harmless and the result is simply noise in the audio.
This was reported as CVE-2017-0381. Contrary to that report, we do not believe
that any remote code execution is possible. However, we are making this release
as a precaution.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJYgnxIAAoJEF5d2aNvkYnIZhkP/j+C2L41/I1ONDeR5SzzkpYn
jeM4TMduowcbiI4ao63Iaxrgqg4s9oLeVZHw2SPKXnWdmCXccpaASs0e6UW6yio5
X4V03G8/mTx4WfhxtuJ1gf0zLlekDNQ8zPYldB/rOhaET5kQclKCUjHA1I9XkzmJ
F/klNeT6EdF5iBpvYGhUKWOH/JD3JXqVySHw30r6fzhePglFzJm2a1YkOoQBOrvN
E/q61aKbxjNrz9DIMh8JWSTtqhILpHHwus4sTWxKLF3iKEjyj8957ZBheFbV5P3H
NVTdgD3u9FkIzEuDPmL23xYwWuN5LJ9dYN2FJ1Ek/1urjCn8PQ36V4ZsGJFT1hK3
pkAFbXWfbVTfFL/3vq+NRVFIxWu0gcxib7thPUWWMNNu4AWUsnDP5PlbcVcggT51
ngB4bR/V8Xp9L083Yi3IS6oZlNuKvpVY4fTklIDnqU7+FCogWMphHYOx48u2YiGM
8bun4vQgkj1+ZCKahW8qBfy+AtIUkxOjw0vecmlOjmA4h8WXjBGWEK1wCCKd4593
BEwJgVVz+4VogHZmpYvQBkFT44+Uyhj1ZyK0ebYkl31ZyOq2hygGM0a60qbZm8px
/c/iarHmOWdVwlT8hFOfyZ03ZELSs1H03s7BoqSaApCqqt300yRQr7PibJAgyn1g
YVWoyNj7YUAREBkRPivu
=UMgx
-----END PGP SIGNATURE-----