v1.1.4
object 901c24328de6e07ebea8aa341433085cc39c59f9
authorJean-Marc Valin <jmvalin@jmvalin.ca>
Fri, 20 Jan 2017 21:08:01 +0000 (16:08 -0500)
Opus release 1.1.4

This release fixes a single bug. A specially-crafted Opus packet could cause
an integer wrap-around in the SILK LSF stabilization code. This would cause
an out-of-bounds read 256 bytes before a constant table. In most circumstances,
the consequences are harmless and the result is simply noise in the audio.

This was reported as CVE-2017-0381. Contrary to that report, we do not believe
that any remote code execution is possible. However, we are making this release
as a precaution.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJYgnxIAAoJEF5d2aNvkYnIZhkP/j+C2L41/I1ONDeR5SzzkpYn
jeM4TMduowcbiI4ao63Iaxrgqg4s9oLeVZHw2SPKXnWdmCXccpaASs0e6UW6yio5
X4V03G8/mTx4WfhxtuJ1gf0zLlekDNQ8zPYldB/rOhaET5kQclKCUjHA1I9XkzmJ
F/klNeT6EdF5iBpvYGhUKWOH/JD3JXqVySHw30r6fzhePglFzJm2a1YkOoQBOrvN
E/q61aKbxjNrz9DIMh8JWSTtqhILpHHwus4sTWxKLF3iKEjyj8957ZBheFbV5P3H
NVTdgD3u9FkIzEuDPmL23xYwWuN5LJ9dYN2FJ1Ek/1urjCn8PQ36V4ZsGJFT1hK3
pkAFbXWfbVTfFL/3vq+NRVFIxWu0gcxib7thPUWWMNNu4AWUsnDP5PlbcVcggT51
ngB4bR/V8Xp9L083Yi3IS6oZlNuKvpVY4fTklIDnqU7+FCogWMphHYOx48u2YiGM
8bun4vQgkj1+ZCKahW8qBfy+AtIUkxOjw0vecmlOjmA4h8WXjBGWEK1wCCKd4593
BEwJgVVz+4VogHZmpYvQBkFT44+Uyhj1ZyK0ebYkl31ZyOq2hygGM0a60qbZm8px
/c/iarHmOWdVwlT8hFOfyZ03ZELSs1H03s7BoqSaApCqqt300yRQr7PibJAgyn1g
YVWoyNj7YUAREBkRPivu
=UMgx
-----END PGP SIGNATURE-----