guix-devel

Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024


From: Mark H Weaver
Subject: Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024
Date: Fri, 22 Apr 2016 23:20:17 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.92 (gnu/linux)

Leo Famulari <address@hidden> writes:

> This applies a patch from imlib2's source code repository.
>
> The change fixes an integer overflow on 32-bit machines. The upstream
> says:
>
> Security implications:
> *) for 32-bit machines: insufficient heap allocation and heap overwrite
> in many image loaders, with escalation potential to remote code
> execution;
> *) for 64-bit machines: it seems, no impact.
>
> In the patch file, there are references to imlib2's source repo and the
> CVE page on Mitre.
>
> I tested that feh and scrot still work with this change.

Looks good to me.  Please push.

     Thanks!
       Mark


