path: root/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
author: Peter Korsgaard <peter@korsgaard.com> 2017-04-25 16:16:59 +0200
committer: Peter Korsgaard <peter@korsgaard.com> 2017-04-26 09:20:16 +0200
commit: 52bfb4b1ce25d870f9bab72d285f326ec7d0ad77
tree: 66032baacfd85e11569bb0839cabfb103b90fc9f /package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
parent: a534030c6e67ff0319f8af2b55fe977a06f17dfd
libcroco: add upstream security fixes
These have been added to upstream git after 0.6.12 was released.

CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch')
0 files changed, 0 insertions, 0 deletions