code.ossystems Code Review - openembedded-core.git/commit
libpng16: CVE-2015-0973
author Sona Sarmadi <sona.sarmadi@enea.com>
Wed, 29 Apr 2015 09:02:19 +0000 (11:02 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 1 May 2015 11:34:06 +0000 (12:34 +0100)
commit 10c8aeebca301ffd853e75df3f9c1d16d0352d76
tree d0a31b130b59f399032d22321b8b85aa02326b94
parent 5f7cdf1e1212af5e3dcf36c8817c63cc853b1a91
libpng16: CVE-2015-0973

Fixes CVE-2015-0973 (duplicate of CVE-2014-9495), a heap-based overflow
vulnerability in the png_combine_row() function of the libpng library,
when very large interlaced images were used.

Upstream patch:
http://sourceforge.net/p/libpng/code/ci/dc294204b641373bc6eb603075a8b98f51a75dd8/

External Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973
http://seclists.org/oss-sec/2014/q4/1133

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-multimedia/libpng/libpng/libpng16-CVE-2015-0973.patch [new file with mode: 0644]
meta/recipes-multimedia/libpng/libpng_1.6.8.bb