Subject: CVS commit: pkgsrc/audio/libopus
From: Thomas Klausner
Date: 2017-01-22 14:04:55
Message id:

Log Message:
Updated libopus to 1.1.4.

This Opus 1.1.4 release fixes a single bug. A specially-crafted
Opus packet could cause an integer wrap-around in the SILK LSF
stabilization code. This would cause an out-of-bounds read 256
bytes before a constant table. In most circumstances, the consequences
are harmless and the result is simply noise in the audio.

This was reported as CVE-2017-0381. Contrary to that report, our
own analysis shows that no remote code execution is possible.
However, we are making this release as a precaution.