[PATCH 0/2] Update imlib2 and patch against CVE-2016-4024
From: Leo Famulari
Subject: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024
Date: Wed, 20 Apr 2016 23:19:52 -0400

This applies a patch from imlib2's source code repository.

The change fixes an integer overflow on 32-bit machines. The upstream
says:

    Security implications:
    *) for 32-bit machines: insufficient heap allocation and heap overwrite
       in many image loaders, with escalation potential to remote code
       execution;
    *) for 64-bit machines: it seems, no impact.

In the patch file, there are references to imlib2's source repo and the
CVE page on Mitre.

I tested that feh and scrot still work with this change.

Leo Famulari (2):
gnu: imlib2: Update to 1.4.8.
gnu: imlib2: Fix CVE-2016-4024.
gnu-system.am | 1 +
gnu/packages/image.scm | 5 ++-
gnu/packages/patches/imlib2-CVE-2016-4024.patch | 52 +++++++++++++++++++++++++
3 files changed, 56 insertions(+), 2 deletions(-)
create mode 100644 gnu/packages/patches/imlib2-CVE-2016-4024.patch
--
2.7.4
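
The 32-bit failure mode quoted from upstream above, shown as an added example that is not part of the original message and is not imlib2's code. The function names, the 4-bytes-per-pixel assumption and the sample dimensions are constructed for illustration; `uint32_t` stands in for a 32-bit `size_t` so the behaviour is the same on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 4 bytes per pixel (32-bit ARGB). Hypothetical names throughout. */
#define BYTES_PER_PIXEL 4u

/* Buffer size as 32-bit arithmetic computes it: the product silently
 * wraps modulo 2^32, so a huge image can yield a small allocation. */
static uint32_t alloc_size_wrapping(uint32_t w, uint32_t h)
{
    return w * h * BYTES_PER_PIXEL;
}

/* Checked form: widen to 64 bits and reject anything that does not fit
 * in 32 bits. Returns 1 and stores the size on success, 0 on rejection. */
static int alloc_size_checked(uint32_t w, uint32_t h, uint32_t *out)
{
    uint64_t pixels;

    if (w == 0 || h == 0)
        return 0;
    pixels = (uint64_t)w * h;               /* cannot overflow 64 bits */
    if (pixels > UINT32_MAX / BYTES_PER_PIXEL)
        return 0;                           /* byte count would exceed 2^32-1 */
    *out = (uint32_t)(pixels * BYTES_PER_PIXEL);
    return 1;
}

int main(void)
{
    /* Constructed header values: 65536 x 16385 pixels needs
     * 2^32 + 2^18 bytes, which wraps to 2^18 in 32-bit arithmetic. */
    uint32_t w = 65536u, h = 16385u, size = 0;

    printf("wrapping size: %u bytes\n", (unsigned)alloc_size_wrapping(w, h));
    if (!alloc_size_checked(w, h, &size))
        printf("checked: %ux%u rejected\n", (unsigned)w, (unsigned)h);
    if (alloc_size_checked(640u, 480u, &size))
        printf("checked: 640x480 -> %u bytes\n", (unsigned)size);
    return 0;
}
```

A loader that allocates the wrapped size and then writes `w * h` pixels produces the undersized heap allocation and heap overwrite the upstream note describes; on a 64-bit `size_t` the same product does not wrap.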