[Buildroot] [PATCH] lcms2: add upstream security fix for CVE-2018-16435
Peter Korsgaard
peter at korsgaard.com
Wed Sep 5 21:00:30 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Little CMS (aka Little Color Management System) 2.9 has an integer overflow
> in the AllocateDataSet function in cmscgats.c, leading to a heap-based
> buffer overflow in the SetData function via a crafted file in the second
> argument to cmsIT8LoadFromFile.
> For more details, see:
> https://github.com/mm2/Little-CMS/issues/171
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16435
> The upstream fix unfortunately includes a number of unrelated changes, but
> these files are not used when building for Linux.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard