gdk-pixbuf: Security Advisory - gdk-pixbuf - CVE-2015-4491

pixops: Be more careful about integer overflow Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. (From OE-Core rev: e27f367d08becce9486f2890cb7382f3c8448246) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Li Zhou <li.zhou@windriver.com> 2015-08-18 11:45:41 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-08-19 18:05:37 +0100
commit: 050629cd64f71e85b90392a857824544e8a8926a (patch)
tree: 0f9d3f8b5c82325ae3f7815af26ca1da2b22b430 /meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
parent: 09ad7ca4cf9bb334a9eb5ec24b103b337569d440 (diff)
download: poky-050629cd64f71e85b90392a857824544e8a8926a.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
index a63d4546f6..07c2dcec16 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
@@ -18,6 +18,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
           file://extending-libinstall-dependencies.patch \
           file://run-ptest \
           file://fatal-loader.patch \
+           file://0001-pixops-Be-more-careful-about-integer-overflow.patch \
           "
 SRC_URI[md5sum] = "4fed0d54432f1b69fc6e66e608bd5542"
author	Li Zhou <li.zhou@windriver.com>	2015-08-18 11:45:41 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-08-19 18:05:37 +0100
commit	050629cd64f71e85b90392a857824544e8a8926a (patch)
tree	0f9d3f8b5c82325ae3f7815af26ca1da2b22b430 /meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
parent	09ad7ca4cf9bb334a9eb5ec24b103b337569d440 (diff)
download	poky-050629cd64f71e85b90392a857824544e8a8926a.tar.gz

diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb index a63d4546f6..07c2dcec16 100644 --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
@@ -18,6 +18,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
18	file://extending-libinstall-dependencies.patch \	18	file://extending-libinstall-dependencies.patch \
19	file://run-ptest \	19	file://run-ptest \
20	file://fatal-loader.patch \	20	file://fatal-loader.patch \
		21	file://0001-pixops-Be-more-careful-about-integer-overflow.patch \
21	"	22	"
22		23
23	SRC_URI[md5sum] = "4fed0d54432f1b69fc6e66e608bd5542"	24	SRC_URI[md5sum] = "4fed0d54432f1b69fc6e66e608bd5542"