diff options
author | Tobias Geerinckx-Rice <me@tobias.gr> | 2018-02-23 14:24:42 +0100 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2018-02-23 16:00:04 +0100 |
commit | bbf8832f160120d4f78b563653db49ab715e7c6c (patch) | |
tree | 217482b39ebfd4aa03f7810e1cccb18c05a66ddf /gnu/packages/patches | |
parent | 5a82c904004d6db4bc3b2d294e6dacb5ac0139f8 (diff) | |
download | guix-bbf8832f160120d4f78b563653db49ab715e7c6c.tar.gz |
gnu: optipng: Update to 0.7.7 [security fixes].
This release claims to fix 2 vulnerabilities: - ‘an integer overflow vulnerability in the TIFF decoder’ (CVE-2017-1000229, previously patched in Guix), and - ‘a buffer overflow vulnerability in the GIF decoder’. * gnu/packages/image.scm (optipng): Update to 0.7.7. [source]: Remove patch. [arguments]: Substitute INVOKE for SYSTEM* and end phase with #t. * gnu/packages/patches/optipng-CVE-2017-1000229.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/optipng-CVE-2017-1000229.patch | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/gnu/packages/patches/optipng-CVE-2017-1000229.patch b/gnu/packages/patches/optipng-CVE-2017-1000229.patch deleted file mode 100644 index 2cb3b2f21c..0000000000 --- a/gnu/packages/patches/optipng-CVE-2017-1000229.patch +++ /dev/null @@ -1,22 +0,0 @@ -Fix CVE-2017-1000229: - -https://security-tracker.debian.org/tracker/CVE-2017-1000229 -https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000229.html -https://nvd.nist.gov/vuln/detail/CVE-2017-1000229 - -Patch copied from upstream bug tracker: -https://sourceforge.net/p/optipng/bugs/65/ - -diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c -index b4910ec..5f9b376 100644 ---- a/src/minitiff/tiffread.c -+++ b/src/minitiff/tiffread.c -@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp) - count = tiff_ptr->strip_offsets_count; - if (count == 0 || count > tiff_ptr->height) - goto err_invalid; -+ if (count > (size_t)-1 / sizeof(long)) -+ goto err_memory; - tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long)); - if (tiff_ptr->strip_offsets == NULL) - goto err_memory; |