code.ossystems Code Review - openembedded-core.git/commit
gdk-pixbuf: Security Advisory - gdk-pixbuf - CVE-2015-4491
author Li Zhou <li.zhou@windriver.com>
Tue, 18 Aug 2015 03:45:41 +0000 (11:45 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 19 Aug 2015 16:57:51 +0000 (17:57 +0100)
commit e27f367d08becce9486f2890cb7382f3c8448246
tree 1c67bda591fa813ea189749c5a05a27acda4b36e
parent 60d31e69790691f097fe1d06c8e8b6ff4087cbe8
gdk-pixbuf: Security Advisory - gdk-pixbuf - CVE-2015-4491

pixops: Be more careful about integer overflow

Integer overflow in the make_filter_table function in pixops/pixops.c
in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and
Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other
products, allows remote attackers to execute arbitrary code or cause a
denial of service (heap-based buffer overflow and application crash) via
crafted bitmap dimensions that are mishandled during scaling.

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/0001-pixops-Be-more-careful-about-integer-overflow.patch [new file with mode: 0644]
meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
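
The commit message above describes a table-size computation that overflows for crafted image dimensions during scaling. As an added illustration (not the gdk-pixbuf source and not the patch in this commit), the C code below contrasts a wrapping element-count computation with an overflow-checked one; the function names, the `n_x`/`n_y` parameters and the `SUBSAMPLE` value of 16 are assumptions made for the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SUBSAMPLE 16 /* assumed number of sub-pixel phases per axis */

/* Unchecked form: the element count is computed in 32-bit arithmetic, so
 * large dimensions wrap and the table would be undersized. uint32_t keeps
 * the wrap well defined for this demonstration. */
uint32_t weights_count_unchecked(uint32_t n_x, uint32_t n_y)
{
    return (uint32_t)(SUBSAMPLE * SUBSAMPLE) * n_x * n_y;
}

/* Checked form: returns 0 and stores the element count only when
 * count * sizeof(int) is guaranteed to fit in an int; otherwise -1. */
int weights_count_checked(int n_x, int n_y, int *count)
{
    const int phases = SUBSAMPLE * SUBSAMPLE;
    const int limit = (INT_MAX / (int)sizeof(int)) / phases; /* max n_x*n_y */

    if (n_x <= 0 || n_y <= 0)
        return -1;
    if (n_x > limit / n_y)      /* equivalent to n_x * n_y > limit */
        return -1;
    *count = phases * n_x * n_y;
    return 0;
}

/* Allocate the table only after the size has been validated. */
int *alloc_weights(int n_x, int n_y)
{
    int count;
    if (weights_count_checked(n_x, n_y, &count) != 0)
        return NULL;
    return malloc((size_t)count * sizeof(int));
}

int main(void)
{
    /* Constructed sample dimensions. */
    printf("unchecked(4096, 4096) = %u elements\n",
           (unsigned)weights_count_unchecked(4096u, 4096u));
    int *w = alloc_weights(4096, 4096);
    printf("checked alloc(4096, 4096): %s\n", w ? "allocated" : "rejected");
    free(w);
    return 0;
}
```

The checked form compares against a limit with a division rather than multiplying first, so the test itself cannot overflow.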