summaryrefslogtreecommitdiffstats
path: root/package/libebml/0001-EbmlSInteger-Use-limits-instead-of-climits.patch
diff options
context:
space:
mode:
authorPeter Korsgaard <peter@korsgaard.com>2018-04-30 14:04:59 +0200
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>2018-04-30 17:38:32 +0200
commit5fb8fbbb3e776a186731ae929244a82ea2db1878 (patch)
tree5231c6e33090582c4c5ac64f4fe5a9489f6516cd /package/libebml/0001-EbmlSInteger-Use-limits-instead-of-climits.patch
parentf26654596ecfe40963cb51ba939c00de458fa82e (diff)
downloadbuildroot-5fb8fbbb3e776a186731ae929244a82ea2db1878.tar.gz
buildroot-5fb8fbbb3e776a186731ae929244a82ea2db1878.zip
sdl2_image: security bump to version 2.0.3
Fixes the following security issues: CVE-2017-12122: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14440: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14441: An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14442: An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14448: An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14449: A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. CVE-2017-14450: A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. For details, see the announcement: https://discourse.libsdl.org/t/sdl-image-2-0-3-released/23958 Also add a hash for the license file while we're at it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/libebml/0001-EbmlSInteger-Use-limits-instead-of-climits.patch')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud