From 0ce727d5d459c2319edc507eb2e71af8a1c9d5dc Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Sun, 19 Jul 2009 17:38:46 +0200 Subject: ape: added protection against large memory allocations The function tag_ape_load() retrieves a 32 bit unsigned integer from the input file, and passes it to g_malloc(). This is dangerous, and may be used for a denial of service attack on MPD. --- NEWS | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 66ad2cfed..8e2c59b78 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,7 @@ ver 0.15.2 (2009/??/??) * tags: - ape: check the tag size (fixes integer underflow) + - ape: added protection against large memory allocations ver 0.15.1 (2009/07/15) -- cgit v1.2.3
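Review bot: The added NEWS line under "ver 0.15.2" says neither what the protection is nor which problem it closes, while the entry directly above it names its effect in parentheses ("fixes integer underflow"). The commit message describes a 32 bit size read from the input file being passed to g_malloc() and a possible denial of service on MPD, so the entry could carry that, for example "- ape: limit the tag size before allocating (fixes denial of service)". That wording would also match the present-tense "check" of the neighbouring entry rather than "added". This view is limited to NEWS, so the check in tag_ape_load() itself is not visible here and has to be reviewed against the full commit.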