Opus 1.0.2 fixes an out-of-bounds read that could be triggered by a malicious Opus packet by causing an integer wrap-around in the padding code. Considering that the packet would have to be at least 16 MB in size and that no out-of-bounds write is possible, the severity is very low. This new release also has the following changes:
Quality-impacting
Changed the behaviour of the PLC to always fill the caller's buffer
Properly decode in-band FEC for packets with multiple Opus frames
Hybrid mode quality improvements and fixes
Fixed bugs in the CELT mode PLC
Redundant mode transition fixes
Other changes
Stack reduction
Doc fixes (many)
16-bit fixes
Misc build fixes
New API calls: OPUS_GET_LAST_PACKET_DURATION ctl() and
opus_packet_get_nb_samples()
Minor code cleanup
As usual, this release is fully compliant with the Opus specification.
Please login to add feedback.
This update has been submitted for testing by pbrobinson.
This update is currently being pushed to the Fedora EPEL 5 testing updates repository.
This update has been pushed to testing
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by pbrobinson.
This update is currently being pushed to the Fedora EPEL 5 stable updates repository.
This update has been pushed to stable