[PATCH 0/2] Update imlib2 and patch against CVE-2016-4024

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/2] Update imlib2 and patch against CVE-2016-4024

From:	Leo Famulari
Subject:	[PATCH 0/2] Update imlib2 and patch against CVE-2016-4024
Date:	Wed, 20 Apr 2016 23:19:52 -0400

This applies from a patch from imlib2's source code repository.

The change fixes an integer overflow on 32-bit machines. The upstream
says:

Security implications:
*) for 32-bit machines: insufficient heap allocation and heap overwrite
in many image loaders, with escalation potential to remote code
execution;
*) for 64-bit machines: it seems, no impact.

In the patch file, there are references to imlib2's source repo and the
CVE page on Mitre.

I tested that feh and scrot still work with this change.

Leo Famulari (2):
  gnu: imlib2: Update to 1.4.8.
  gnu: imlib2: Fix CVE-2016-4024.

 gnu-system.am                                   |  1 +
 gnu/packages/image.scm                          |  5 ++-
 gnu/packages/patches/imlib2-CVE-2016-4024.patch | 52 +++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 gnu/packages/patches/imlib2-CVE-2016-4024.patch

-- 
2.7.4

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/2] Update imlib2 and patch against CVE-2016-4024, Leo Famulari <=
- [PATCH 2/2] gnu: imlib2: Fix CVE-2016-4024., Leo Famulari, 2016/04/20
- [PATCH 1/2] gnu: imlib2: Update to 1.4.8., Leo Famulari, 2016/04/20
- Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024, Mark H Weaver, 2016/04/22
  - Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024, Leo Famulari, 2016/04/23

Prev by Date: [PATCH 1/2] gnu: imlib2: Update to 1.4.8.
Next by Date: Re: Reorganizing guix package commands
Previous by thread: [PATCH] Connman
Next by thread: [PATCH 2/2] gnu: imlib2: Fix CVE-2016-4024.
Index(es):
- Date
- Thread