summaryrefslogtreecommitdiffstats
path: root/package/sdl2/sdl2.hash
diff options
context:
space:
mode:
authorPeter Korsgaard <peter@korsgaard.com>2017-10-26 14:18:43 +0200
committerPeter Korsgaard <peter@korsgaard.com>2017-10-27 13:48:45 +0200
commit07a9f0200cfd1c34f33e8054f62b990d05ccb934 (patch)
tree3ed046ad2a568c03b2a2fc9456dd216687f0aa88 /package/sdl2/sdl2.hash
parent3a798acf239dee04d573f575337bf823c13020fd (diff)
downloadbuildroot-07a9f0200cfd1c34f33e8054f62b990d05ccb934.tar.gz
buildroot-07a9f0200cfd1c34f33e8054f62b990d05ccb934.zip
sdl2: security bump to version 2.0.7
Fixes CVE-2017-2888 - An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Also add a hash for the license file while we're at it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/sdl2/sdl2.hash')
-rw-r--r--package/sdl2/sdl2.hash6
1 files changed, 4 insertions, 2 deletions
diff --git a/package/sdl2/sdl2.hash b/package/sdl2/sdl2.hash
index c0a8bfc77c..588f8f49ef 100644
--- a/package/sdl2/sdl2.hash
+++ b/package/sdl2/sdl2.hash
@@ -1,2 +1,4 @@
-# Locally calculated after checking http://www.libsdl.org/release/SDL2-2.0.6.tar.gz.sig
-sha256 03658b5660d16d7b31263a691e058ed37acdab155d68dabbad79998fb552c5df SDL2-2.0.6.tar.gz
+# Locally calculated after checking http://www.libsdl.org/release/SDL2-2.0.7.tar.gz.sig
+sha256 ee35c74c4313e2eda104b14b1b86f7db84a04eeab9430d56e001cea268bf4d5e SDL2-2.0.7.tar.gz
+# Locally calculated
+sha256 bbd2edb1789c33de29bb9f8d1dbe2774584a9ce8c4e3162944b7a3a447f5e85d COPYING.txt
OpenPOWER on IntegriCloud