* [Buildroot] [PATCH 1/1] package/gdk-pixbuf: security bump to version 2.36.12
@ 2020-08-11 10:12 Fabrice Fontaine
2020-08-12 14:45 ` Thomas Petazzoni
2020-08-28 15:57 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2020-08-11 10:12 UTC (permalink / raw)
To: buildroot
- Fix CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows
context-dependent attackers to cause a denial of service (segmentation
fault and application crash) via a crafted image entry offset in an
ICO file, which triggers an out-of-bounds read, related to compiler
optimizations.
- Fix CVE-2017-6313: Integer underflow in the load_resources function in
io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a
denial of service (out-of-bounds read and program crash) via a crafted
image entry size in an ICO file.
- Fix CVE-2017-6314: The make_available_at_least function in io-tiff.c
in gdk-pixbuf allows context-dependent attackers to cause a denial of
service (infinite loop) via a large TIFF file.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/gdk-pixbuf/gdk-pixbuf.hash | 6 +++---
package/gdk-pixbuf/gdk-pixbuf.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/gdk-pixbuf/gdk-pixbuf.hash b/package/gdk-pixbuf/gdk-pixbuf.hash
index 9cb947f195..8fa178b55c 100644
--- a/package/gdk-pixbuf/gdk-pixbuf.hash
+++ b/package/gdk-pixbuf/gdk-pixbuf.hash
@@ -1,4 +1,4 @@
-# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.10.sha256sum
-sha256 f8f6fa896b89475c73b6e9e8d2a2b062fc359c4b4ccb8e96470d6ab5da949ace gdk-pixbuf-2.36.10.tar.xz
+# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.12.sha256sum
+sha256 fff85cf48223ab60e3c3c8318e2087131b590fd6f1737e42cb3759a3b427a334 gdk-pixbuf-2.36.12.tar.xz
# Locally calculated
-sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5 COPYING
+sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5 COPYING
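Review bot: The provenance comment on the new tarball hash ("# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.12.sha256sum") cites a plain-http URL, so the value pinned here comes from a file fetched without transport integrity. This sha256 is what the build trusts for the tarball, so it would be better to cite an https URL for the .sha256sum file if upstream serves one, or to state that the hash was also recomputed locally on the downloaded tarball, as the "# Locally calculated" line already does for COPYING. The COPYING entry keeps the same sha256 value on both the removed and added lines, which matches the indentation-only change described in the commit message.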
diff --git a/package/gdk-pixbuf/gdk-pixbuf.mk b/package/gdk-pixbuf/gdk-pixbuf.mk
index b7937a48e9..0266e04978 100644
--- a/package/gdk-pixbuf/gdk-pixbuf.mk
+++ b/package/gdk-pixbuf/gdk-pixbuf.mk
@@ -5,7 +5,7 @@
################################################################################
GDK_PIXBUF_VERSION_MAJOR = 2.36
-GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).10
+GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).12
GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz
GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR)
GDK_PIXBUF_LICENSE = LGPL-2.0+
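Review bot: The unchanged GDK_PIXBUF_SITE line in this hunk's context still fetches the tarball over a plain http:// URL. The sha256 pinned in gdk-pixbuf.hash will reject a modified tarball, so this is not a blocker, but a security bump is a reasonable place to switch the site to https if upstream serves it. The version change itself only touches the suffix (.10 to .12) and leaves GDK_PIXBUF_VERSION_MAJOR at 2.36, consistent with the 2.36 path used in the hash file comment.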
--
2.27.0
* [Buildroot] [PATCH 1/1] package/gdk-pixbuf: security bump to version 2.36.12
From: Thomas Petazzoni @ 2020-08-12 14:45 UTC (permalink / raw)
To: buildroot
On Tue, 11 Aug 2020 12:12:13 +0200
Fabrice Fontaine via buildroot <buildroot@busybox.net> wrote:
> - Fix CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows
> context-dependent attackers to cause a denial of service (segmentation
> fault and application crash) via a crafted image entry offset in an
> ICO file, which triggers an out-of-bounds read, related to compiler
> optimizations.
> - Fix CVE-2017-6313: Integer underflow in the load_resources function in
> io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a
> denial of service (out-of-bounds read and program crash) via a crafted
> image entry size in an ICO file.
> - Fix CVE-2017-6314: The make_available_at_least function in io-tiff.c
> in gdk-pixbuf allows context-dependent attackers to cause a denial of
> service (infinite loop) via a large TIFF file.
>
> Also update indentation in hash file (two spaces)
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/gdk-pixbuf/gdk-pixbuf.hash | 6 +++---
> package/gdk-pixbuf/gdk-pixbuf.mk | 2 +-
> 2 files changed, 4 insertions(+), 4 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
* [Buildroot] [PATCH 1/1] package/gdk-pixbuf: security bump to version 2.36.12
From: Peter Korsgaard @ 2020-08-28 15:57 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine via buildroot <buildroot@busybox.net> writes:
> - Fix CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows
> context-dependent attackers to cause a denial of service (segmentation
> fault and application crash) via a crafted image entry offset in an
> ICO file, which triggers an out-of-bounds read, related to compiler
> optimizations.
> - Fix CVE-2017-6313: Integer underflow in the load_resources function in
> io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a
> denial of service (out-of-bounds read and program crash) via a crafted
> image entry size in an ICO file.
> - Fix CVE-2017-6314: The make_available_at_least function in io-tiff.c
> in gdk-pixbuf allows context-dependent attackers to cause a denial of
> service (infinite loop) via a large TIFF file.
> Also update indentation in hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard