libjpeg-turbo: Fix CVE-2020-13790 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	jason.lau <Haitao.Liu@windriver.com>	2020-06-18 16:31:36 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-07-08 10:47:50 +0100
commit	09d29eb36a335cadb1249f6849e090d22bbf5a2e (patch)
tree	5689a6eb1a67da081206dff08d20b83f118e0de0 /meta/recipes-devtools/qemu/qemu.inc
parent	e1d89748ec66ede80b08576b3f350ac5f84faaff (diff)
download	poky-09d29eb36a335cadb1249f6849e090d22bbf5a2e.tar.gz

libjpeg-turbo: Fix CVE-2020-13790

libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a] CVE:CVE-2020-13790 (From OE-Core rev: 90f4e2f299d8cd6c839b73307dc7b0ec3d389294) Signed-off-by: Liu Haitao <haitao.liu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-devtools/qemu/qemu.inc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: