Skip to content

fix(alsa-lib): CVE-2026-56109#12

Open
deepin-ci-robot wants to merge 2 commits into
masterfrom
fix/CVE-2026-56109
Open

fix(alsa-lib): CVE-2026-56109#12
deepin-ci-robot wants to merge 2 commits into
masterfrom
fix/CVE-2026-56109

Conversation

@deepin-ci-robot

Copy link
Copy Markdown
Contributor

CVE-2026-56109

Fix double-free vulnerability in parse_def() in src/conf.c.

When parsing nested compound or array configuration blocks,
parse_def() fails to check return values before continuing,
causing snd_config_delete() to be called twice on the same
already-freed node.

Upstream: alsa-project/alsa-lib@536dd6f

Fix double-free vulnerability in parse_def() in src/conf.c.
When parsing nested compound or array configuration blocks,
parse_def() fails to check return values before continuing,
causing snd_config_delete() to be called twice on the same
already-freed node.

Upstream: alsa-project/alsa-lib@536dd6f
Generated-By: deepseek-v4-flash
Co-Authored-By: hudeng <hudeng@deepin.org>
@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

TAG Bot

TAG: 1.2.15.3-1deepin6
EXISTED: no
DISTRIBUTION: unstable

@deepin-ci-robot

Copy link
Copy Markdown
Contributor Author

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zccrs for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Merge CVE-2026-25068 fix into PR #12.
- CVE-2026-25068: heap buffer overflow in topology decoder
- CVE-2026-56109: double-free in parse_def() in conf.c

CVE: CVE-2026-25068, CVE-2026-56109
Origin: upstream, alsa-project/alsa-lib@5f7fe3300
Generated-By: uos/deepseek-v4-flash
Co-Authored-By: hudeng <hudeng@deepin.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant