diff options
author | Efraim Flashner <efraim@flashner.co.il> | 2016-03-08 11:49:04 +0200 |
---|---|---|
committer | Efraim Flashner <efraim@flashner.co.il> | 2016-03-08 11:54:58 +0200 |
commit | e224495ce1ce373cc43b49faa538116c9cac1466 (patch) | |
tree | d57a85ba15fb66dba9f2e56bf5f5032a9ab5d8d8 /gnu/packages/patches/jasper-CVE-2016-1577.patch | |
parent | 165e0382b3a3372ef0e7dc8d4cfbd42bc6e4deb0 (diff) | |
download | guix-e224495ce1ce373cc43b49faa538116c9cac1466.tar.gz |
gnu: jasper: Add fixes for CVE-2016-1577, CVE-2016-2089, CVE-2016-2116.
* gnu/packages/patches/jasper-CVE-2016-1557.patch, gnu/packages/patches/jasper-CVE-2016-2089.patch, gnu/packages/patches/jasper-CVE-2016-2116.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/image.scm (jasper)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/jasper-CVE-2016-1577.patch')
-rw-r--r-- | gnu/packages/patches/jasper-CVE-2016-1577.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/gnu/packages/patches/jasper-CVE-2016-1577.patch b/gnu/packages/patches/jasper-CVE-2016-1577.patch new file mode 100644 index 0000000000..75bbd526af --- /dev/null +++ b/gnu/packages/patches/jasper-CVE-2016-1577.patch @@ -0,0 +1,19 @@ +Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy() +Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12 +Bug-Ubuntu: https://launchpad.net/bugs/1547865 +Bug-Debian: https://bugs.debian.org/816625 +Forwarded: not-needed +Author: Tyler Hicks <tyhicks@canonical.com> +Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2016-03-05 + +--- a/src/libjasper/base/jas_icc.c ++++ b/src/libjasper/base/jas_icc.c +@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre + if (jas_iccprof_setattr(prof, tagtabent->tag, attrval)) + goto error; + jas_iccattrval_destroy(attrval); ++ attrval = 0; + } else { + #if 0 + jas_eprintf("warning: skipping unknown tag type\n"); |