[Buildroot] [PATCH] sdl2: security bump to version 2.0.7
Peter Korsgaard
peter at korsgaard.com
Wed Nov 15 18:52:46 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2017-2888 - An exploitable integer overflow vulnerability exists
> when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can
> cause an integer overflow resulting in too little memory being allocated
> which can lead to a buffer overflow and potential code execution. An
> attacker can provide a specially crafted image file to trigger this
> vulnerability.
> Also add a hash for the license file while we're at it.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list