head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.16 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.14 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.12 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.10 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.8 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.6 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.4 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.2 cube-native-xorg-base:1.2; locks; strict; comment @# @; 1.2 date 2008.09.12.14.47.39; author sborrill; state dead; branches; next 1.1; 1.1 date 2008.09.08.18.42.21; author ahoka; state Exp; branches; next ; desc @@ 1.2 log @Update to 0.8.6i and fixes for CVE-2008-3732, CVE-2008-3794 @ text @$NetBSD: patch-ac,v 1.1 2008/09/08 18:42:21 ahoka Exp $ Fix wrong boundary check in Speex decoder (CVE-2008-1686). --- modules/codec/speex.c.orig 2008-03-23 22:41:48.000000000 +0000 +++ modules/codec/speex.c @@@@ -332,7 +332,7 @@@@ static int ProcessInitialHeader( decoder msg_Err( p_dec, "cannot read Speex header" ); return VLC_EGENERIC; } - if( p_header->mode >= SPEEX_NB_MODES ) + if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 ) { msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in " "this version of libspeex.", p_header->mode ); @ 1.1 log @Revive vlc08 as vlc 0.9.1 is out and the vlc package will be updated. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.4 2008/04/20 15:31:03 tonnerre Exp $ @
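Review bot: In the ProcessInitialHeader() hunk, the added `p_header->mode < 0` test shares the existing msg_Err() branch, so a negative mode read from a malformed header is logged as "does not (yet/any longer) exist in this version of libspeex". That reads like a library version mismatch rather than a rejected out-of-range value. Consider rewording the message to cover both cases, for example "mode number %d is out of range", or logging the negative case separately so it stands out when triaging malformed streams. As a style point, putting the lower-bound test first (`p_header->mode < 0 || p_header->mode >= SPEEX_NB_MODES`) makes the range check easier to read. The patch description could also say that it is the missing lower bound on the mode value that is being fixed, since "wrong boundary check" does not tell a later reader which side was unchecked.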