diff options
| author | Nguyễn Gia Phong <cnx@loang.net> | 2025-01-30 06:32:05 +0900 |
|---|---|---|
| committer | Nguyễn Gia Phong <cnx@loang.net> | 2025-01-30 06:32:05 +0900 |
| commit | 7e24e7ea03f2d0d588fb23d5b4b3aa56a2d3f29a (patch) | |
| tree | e37c81432569328b597cb808b195e57d92c79184 | |
| parent | 87b7aeab23038907831ce3f82ca09b84b04b2c8c (diff) | |
| download | loftix-7e24e7ea03f2d0d588fb23d5b4b3aa56a2d3f29a.tar.gz | |
Add potrace 1.11 for CVE-2013-7437
| -rw-r--r-- | README.md | 17 | ||||
| -rw-r--r-- | loftix/bugs.scm | 14 |
2 files changed, 27 insertions, 4 deletions
@@ -37,27 +37,35 @@ Then run `guix pull`. ## Bugs +### CVE-2013-7437 + +[potrace: possible heap overflow][redhat-955808] + + guix shell potrace@1.11 -- potrace bugs/cve-2013-7437/1.bmp + guix shell potrace@1.11 -- potrace bugs/cve-2013-7437/2.bmp + guix shell potrace@1.11 -- potrace bugs/cve-2013-7437/3.bmp + ### CVE-2016-9557 -[Signed integer overflow in jas_image.c][jasper-d42b238] +[JasPer: signed integer overflow][jasper-d42b238] guix shell jasper@1.900.19 -- imginfo -f bugs/cve-2016-9557/reproducer ### CVE-2017-14745 -[Integer overflow in elf64-x86-64.c, binutils 2.29.1][sourceware-22148] +[binutils: integer overflow][sourceware-22148] guix shell binutils@2.29 -- objdump -d bugs/cve-2017-14745/crash_1 ### CVE-2017-15025 -[Divide-by-zero in decode_line_info (dwarf2.c)][sourceware-22186] +[binutils: divide-by-zero][sourceware-22186] guix shell binutils@2.29 -- nm -l bugs/cve-2017-15025/3899.crashes.bin ### CVE-2017-15232 -[NULL pointer dereference in quantize_ord_dither function][mozjpeg-268] +[libjpeg-turbo: NULL pointer dereference][mozjpeg-268] guix shell libjpeg-turbo@1.5.2 --\ djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\ @@ -72,6 +80,7 @@ Then run `guix pull`. [afl-dyninst]: https://trong.loang.net/~cnx/afl-dyninst/about [e9patch]: https://github.com/GJDuck/e9patch [python-pacfix]: https://github.com/hsh814/pacfix-python +[redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808 [jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c [sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148 [sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186 diff --git a/loftix/bugs.scm b/loftix/bugs.scm index 32c35fc..e6bfc6d 100644 --- a/loftix/bugs.scm +++ b/loftix/bugs.scm @@ -18,6 +18,7 @@ (define-module (loftix bugs) #:use-module (gnu packages base) + #:use-module (gnu packages fontutils) #:use-module (gnu packages image) #:use-module (guix build-system gnu) #:use-module (guix download) @@ -64,3 +65,16 @@ "0a5m0psfp5952y5vrcs0nbdz1y9wqzg2ms0xwrx752034wxr964h")))) (build-system gnu-build-system) (arguments '(#:test-target "test")))) + +(define-public potrace-1.11 + (package + (inherit potrace) + (name "potrace") + (version "1.11") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/potrace/potrace-" + version ".tar.gz")) + (sha256 + (base32 + "1bbyl7jgigawmwc8r14znv8lb6lrcxh8zpvynrl6s800dr4yp9as")))))) |