diff --git a/backport-CVE-2020-23903.patch b/backport-CVE-2020-23903.patch
new file mode 100644
index 0000000..4a43846
--- /dev/null
+++ b/backport-CVE-2020-23903.patch
@@ -0,0 +1,26 @@
+From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
+From: Tristan Matthews
+Date: Mon, 13 Jul 2020 23:25:03 -0400
+Subject: [PATCH] wav_io: guard against invalid channel numbers
+
+Fixes #13
+---
+ src/wav_io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/wav_io.c b/src/wav_io.c
+index c2e2bc8..4d77cd7 100644
+--- a/src/wav_io.c
++++ b/src/wav_io.c
+@@ -108,7 +108,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+ stmp = le_short(stmp);
+ *channels = stmp;
+
+- if (stmp>2)
++ if (stmp>2 || stmp<1)
+ {
+ fprintf (stderr, "Only mono and (intensity) stereo supported\n");
+ return -1;
+--
+1.8.3.1
+
diff --git a/speex.spec b/speex.spec
index ae1375d..bc264f2 100644
--- a/speex.spec
+++ b/speex.spec
@@ -1,12 +1,13 @@
 Name: speex
 Version: 1.2.0
-Release: 5
+Release: 6
 Summary: A Free Codec For Free Speech
 License: BSD
 URL: https://www.speex.org/
 Source0: http://downloads.us.xiph.org/releases/speex/%{name}-%{version}.tar.gz
 Patch6000: backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch
+Patch6001: backport-CVE-2020-23903.patch
 BuildRequires: gcc git pkgconfig(ogg) pkgconfig(speexdsp)
@@ -69,6 +70,12 @@ This package is the development and files for speex.
 %{_mandir}/man1/speexdec.1.gz
 %changelog
+* Mon Jun 06 2022 shixuantong - 1.2.0-6
+- Type:CVE
+- ID:CVE-2020-23903
+- SUG:NA
+- DESC:fix CVE-2020-23903
+
 * Mon Sep 14 2020 shangyibin - 1.2.0-5
 - Type:bugfix
 - ID:NA
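Review bot: In the backported wav_io.c hunk the out-parameter is still written before the new range check, `*channels = stmp;` sits two lines above `if (stmp>2 || stmp<1)`, so on the rejected path the caller's `*channels` already holds 0 or a negative count by the time `return -1` is reached. Moving that one assignment to just after the guard's closing brace, so `*channels = stmp;` runs only once the value is known to be 1 or 2, leaves the caller's variable untouched on failure and changes nothing on the success path. Whether every caller of read_wav_header treats -1 as fatal cannot be confirmed here, since the function begins and ends outside the hunk. The speex.spec hunks only register Patch6001, bump the release and add the changelog entry.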