Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024
From: Mark H Weaver
Subject: Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024
Date: Fri, 22 Apr 2016 23:20:17 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.92 (gnu/linux)

Leo Famulari <address@hidden> writes:
> This applies a patch from imlib2's source code repository.
>
> The change fixes an integer overflow on 32-bit machines. The upstream
> says:
>
> Security implications:
> *) for 32-bit machines: insufficient heap allocation and heap overwrite
> in many image loaders, with escalation potential to remote code
> execution;
> *) for 64-bit machines: it seems, no impact.
>
> In the patch file, there are references to imlib2's source repo and the
> CVE page on Mitre.
>
> I tested that feh and scrot still work with this change.
Looks good to me. Please push.
Thanks!
Mark
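
The 32-bit versus 64-bit difference in the quoted upstream note, as an added example that is not part of this thread and is not imlib2's code: a general illustration of a pixel-buffer size computation that wraps when the size type is 32 bits wide, next to a checked version. The function names, the 4 bytes per pixel and the sample dimensions are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4u /* assumption: 32-bit pixels */

/* Size as a 32-bit build computes it: the product wraps modulo 2^32. */
static uint32_t alloc_size_32(uint32_t w, uint32_t h)
{
    return w * h * BYTES_PER_PIXEL;
}

/* Same expression with a 64-bit size type: no wrap for 32-bit dimensions
 * multiplied by a small pixel size. */
static uint64_t alloc_size_64(uint32_t w, uint32_t h)
{
    return (uint64_t)w * h * BYTES_PER_PIXEL;
}

/* Checked form: returns 1 and stores the byte count only if w*h*4 fits in
 * a size type whose maximum is size_max; returns 0 otherwise. Division is
 * used so the check itself cannot overflow. */
static int checked_alloc_size(uint32_t w, uint32_t h,
                              uint64_t size_max, uint64_t *out)
{
    if (w == 0 || h == 0)
        return 0;
    if ((uint64_t)w > size_max / BYTES_PER_PIXEL / h)
        return 0;
    *out = (uint64_t)w * h * BYTES_PER_PIXEL;
    return 1;
}

int main(void)
{
    /* Constructed dimensions: 32768 * 32769 * 4 = 2^32 + 2^17 bytes. */
    uint32_t w = 32768, h = 32769;
    uint64_t sz = 0;

    printf("32-bit size: %u bytes\n", (unsigned)alloc_size_32(w, h));
    printf("64-bit size: %llu bytes\n",
           (unsigned long long)alloc_size_64(w, h));
    printf("checked, 32-bit limit: %s\n",
           checked_alloc_size(w, h, UINT32_MAX, &sz) ? "ok" : "rejected");
    return 0;
}
```

With the wrapped value a loader would allocate 128 KiB and then write over 4 GiB of pixel data, which is the "insufficient heap allocation and heap overwrite" case; the checked form rejects the image before any allocation.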