[Buildroot] [PATCH 1/3] package/jasper: Apply fix for CVE-2018-19541
Peter Korsgaard
peter at korsgaard.com
Mon Dec 2 12:42:51 UTC 2019
>>>>> "Michael" == Michael Vetter <jubalh at iodoru.org> writes:
> Add 0001-verify-data-range-CVE-2018-19541.patch:
> We need to verify the data is in the expected range. Otherwise we get
> problems later.
> Patch was proposed upstream[1] but upstream is very inactive. Linux
> distributions use the same fix to patch their packages.
> 1: https://github.com/mdadams/jasper/pull/211
> Signed-off-by: Michael Vetter <jubalh at iodoru.org>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list