author | Armin Kuster <akuster@mvista.com> | 2016-02-07 11:44:07 -0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-02-08 14:13:40 +0100 |
commit | a7c1a2b0e6947740758136216e45ca6ca66321fc (patch) | |
tree | 438e5706591ccf323260e4f01205ddcf672bd18d | |
parent | 7cb8c764e73692adb501cbb76e72ef3373fc74c2 (diff) | |
download | meta-openembedded-a7c1a2b0e6947740758136216e45ca6ca66321fc.tar.gz |
php: Security fix CVE-2016-1903
CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated
Signed-off-by: Armin Kuster <akuster@mvista.com>
-rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch | 28 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php_5.5.21.bb | 1 |
2 files changed, 29 insertions, 0 deletions
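--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch
@@ -0,0 +1,28 @@
+From aa8d3a8cc612ba87c0497275f58a2317a90fb1c4 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 12 Jan 2016 13:52:27 +0100
+Subject: [PATCH] fix the fix for bug #70976 (imagerotate)
+
+Upstream-Status: Backport
+https://github.com/php/php-src/commit/aa8d3a8cc612ba87c0497275f58a2317a90fb1c4
+
+CVE: CVE-2016-1903
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ext/gd/libgd/gd_interpolation.c | 4 ++--
+2 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: php-5.5.21/ext/gd/libgd/gd_interpolation.c
+===================================================================
+--- php-5.5.21.orig/ext/gd/libgd/gd_interpolation.c
++++ php-5.5.21/ext/gd/libgd/gd_interpolation.c
+@@ -2162,7 +2162,7 @@ gdImagePtr gdImageRotateInterpolated(con
+images can be done at a later point.
+*/
+if (src->trueColor == 0) {
+- if (bgcolor >= 0) {
++ if (bgcolor < gdMaxColors) {
+bgcolor = gdTrueColorAlpha(src->red[bgcolor], src->green[bgcolor], src->blue[bgcolor], src->alpha[bgcolor]);
+}
+gdImagePaletteToTrueColor(src);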
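Review bot: The new guard `if (bgcolor < gdMaxColors) {` in the gd_interpolation.c hunk keeps only an upper bound, while the line it replaces, `if (bgcolor >= 0) {`, was the only lower bound visible here, so a negative bgcolor would index `src->red[bgcolor]` and the other palette arrays before their start. Unless gdImageRotateInterpolated rejects negative values earlier (the function begins outside this hunk), the condition should carry both bounds: `if (bgcolor >= 0 && bgcolor < gdMaxColors) {`. The subject "fix the fix" and the embedded diffstat (2 files, 4 insertions, 4 deletions, against a single changed line here) suggest the upstream commit was written on top of an earlier change for bug #70976 that may not be present in php-5.5.21, so it is worth confirming that the earlier change is backported as well.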
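--- a/meta-oe/recipes-devtools/php/php_5.5.21.bb
+++ b/meta-oe/recipes-devtools/php/php_5.5.21.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
 file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
 file://CVE-2015-7803.patch \
 file://CVE-2015-7804.patch \
+file://CVE-2016-1903.patch \
 "
 
 SRC_URI_append_class-target += " \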