Recommended update for mpg123
This update for mpg123 fixes the following issues:
- Update to version 1.25.6
* Hotfix for bug 255: Overflow reading frame data bits in layer
II decoding. Now, all-zero data is returned if the frame data
is exhausted. This might have a slight impact on performance,
but not easily measurable so far.
- Update to version 1.25.5
* Avoid another buffer read overflow in the ID3 parser on 32 bit
platforms (bug 254). (CVE-2017-12797/boo#1056999)
- Update to version 1.25.4
libmpg123:
* Prevent harmless call to memcpy(NULL, NULL, 0).
* More early checking of ID3v2 encoding values to avoid bogus
text being stored.
-
Submitted by
Luigi Baldoni (alois)
Fixed bugs
bnc#1056999
VUL-0: CVE-2017-12797: mpg123: Integer overflow in the INT123_parse_new_id3 function
