[Buildroot] [PATCH 3/3] package/jasper: Apply fix for CVE-2018-19540

Peter Korsgaard peter at korsgaard.com
Mon Dec 2 12:43:04 UTC 2019

>>>>> "Michael" == Michael Vetter <jubalh at iodoru.org> writes:

 > Add 0003-test-asclen-CVE-2018-19540.patch:
 > If txtdesc->asclen is < 1, the array index of
 > txtdesc-> ascdata will be negative which causes the heap based overflow.

 > Patch was proposed upstream[1] but upstream is very inactive. Linux
 > distributions use the same fix to patch their packages.

 > 1: https://github.com/mdadams/jasper/pull/198
 > Signed-off-by: Michael Vetter <jubalh at iodoru.org>

Committed, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list