[Buildroot] [PATCH 1/1] package/giflib: security bump version to 5.2.1

Peter Korsgaard peter at korsgaard.com
Thu Aug 1 13:25:21 UTC 2019


>>>>> "Arnout" == Arnout Vandecappelle <arnout at mind.be> writes:

 > On 29/06/2019 17:12, Bernd Kuhls wrote:
 >> Version 5.1.5 fixes CVE-2018-11490

 >  So *this* is not a security bump. A security bump would bump to 5.1.5, not 5.2.1.

 >  This is important, because this patch we don't want to backport to the stable
 > branches...

And looking closer, the security issue is in the gifclrmp utility which
we don't install.

 >> https://sourceforge.net/p/giflib/code/ci/900d783def011e8d9f261db6839113425bf3334f/

Before noticing that, I did some work to bump to 5.1.5, but it isn't
really nice as the new build system is fairly broken and, e.g., always
builds static and shared libraries.

The patch as is also forgets to pass TARGET_CONFIGURE_OPTS, so it ends
up building for the host instead of the target.

-- 
Bye, Peter Korsgaard

