lcms2: add upstream security fix for CVE-2018-16435 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2018-09-04 23:43:47 +0200
committer	Peter Korsgaard <peter@korsgaard.com>	2018-09-05 23:01:21 +0200
commit	9f81f578eb0af218752db0d69f7adf94584ada31 (patch)
tree	22e6b8b11ae4d138bfa20d2994027df586e81cfa /package/python-django/python-django.mk
parent	b63fb1de164e728983d5eb2ab3446e7ec4e90cf9 (diff)
download	buildroot-9f81f578eb0af218752db0d69f7adf94584ada31.tar.gz buildroot-9f81f578eb0af218752db0d69f7adf94584ada31.zip

lcms2: add upstream security fix for CVE-2018-16435

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. For more details, see: https://github.com/mm2/Little-CMS/issues/171 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16435 The upstream fix unfortunately includes a number of unrelated changes, but thse files are not used when building for Linux. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/python-django/python-django.mk')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: