From cafdccb29c350a0f030ef55f9cc7d5c4c0b5a0bb Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Wed, 29 Apr 2015 11:02:19 +0200
Subject: libpng16: CVE-2015-0973

Fixes CVE-2015-0973 (duplicate of CVE-2014-9495), a heap-based overflow
vulnerability in the png_combine_row() function of the libpng library,
when very large interlaced images were used.

Upstream patch:
http://sourceforge.net/p/libpng/code/ci/dc294204b641373bc6eb603075a8b98f51a75dd8/

External Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973
http://seclists.org/oss-sec/2014/q4/1133

(From OE-Core rev: 10c8aeebca301ffd853e75df3f9c1d16d0352d76)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-multimedia/libpng/libpng_1.6.8.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-multimedia/libpng/libpng_1.6.8.bb')

diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.8.bb b/meta/recipes-multimedia/libpng/libpng_1.6.8.bb
index d063495f05..bb7745b47c 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.8.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.8.bb
@@ -10,6 +10,7 @@ LIBV = "16"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/project/libpng/libpng${LIBV}/${PV}/libpng-${PV}.tar.xz \
            file://0001-configure-lower-automake-requirement.patch \
+           file://libpng16-CVE-2015-0973.patch \
           "
 
 SRC_URI[md5sum] = "51ce71a1642cdde1f4485a7ff82193c0"
-- 
cgit v1.2.3-54-g00ecf