Diffstat (limited to 'gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch')
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch19
1 files changed, 19 insertions, 0 deletions
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch b/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch
new file mode 100644
index 0000000000..ddd1ce93f4
--- /dev/null
+++ b/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch
@@ -0,0 +1,19 @@
+Fix CVE-2016-5118 (popen() shell vulnerability via filename).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
+
+Upstream patch copied from the bug announcement:
+http://seclists.org/oss-sec/2016/q2/432
+https://marc.info/?l=oss-security&m=146455222600609&w=2
+
+diff -r 33200fc645f6 magick/blob.c
+--- a/magick/blob.c	Sat Nov 07 14:49:16 2015 -0600
++++ b/magick/blob.c	Sun May 29 14:12:57 2016 -0500
+@@ -68,6 +68,7 @@
+ */
+ #define DefaultBlobQuantum  65541
+ 
++#undef HAVE_POPEN
+ 
+ /*
+   Enum declarations.
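Review bot: The added `#undef HAVE_POPEN` in magick/blob.c has no comment, so a later reader of blob.c cannot tell it is a deliberate security switch rather than a leftover. I would put `/* CVE-2016-5118: keep popen() disabled so a filename is never handed to a shell */` directly above it. The directive only covers this translation unit, and it only works if every header that can define HAVE_POPEN is included before this point, which the hunk does not show and should be confirmed. Other files that call popen() under the same macro would be unaffected, so it is worth searching the tree for `HAVE_POPEN` and `popen(` before treating this as the complete fix.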