Commits
Peter Korsgaard committed 6e23252d638
mpg123: security bump to version 1.25.2 >From the release notes: - Extend pow tables for layer III to properly handle files with i-stereo and 5-bit scalefactors. Never observed them for real, just as fuzzed input to trigger the read overflow. Note: This one goes on record as CVE-2017-11126, calling remote denial of service. While the accesses are out of bounds for the pow tables, they still are safely within libmpg123's memory (other static tables). Just wrong values are used for computation, no actual crash unless you use something like GCC's AddressSanitizer, nor any information disclosure. - Avoid left-shifts of negative integers in layer I decoding. While we're at it, add a hash for the license file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 474daa20f8da2a677250146e8ee1652206923ee8) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>