[Buildroot] [PATCH 1/3] package/jasper: Apply fix for CVE-2018-19541

Peter Korsgaard peter at korsgaard.com
Fri Dec 6 08:21:44 UTC 2019


>>>>> "Michael" == Michael Vetter <jubalh at iodoru.org> writes:

 > Add 0001-verify-data-range-CVE-2018-19541.patch:
 > We need to verify the data is in the expected range. Otherwise we get
 > problems later.

 > Patch was proposed upstream[1] but upstream is very inactive. Linux
 > distributions use the same fix to patch their packages.

 > 1: https://github.com/mdadams/jasper/pull/211
 > Signed-off-by: Michael Vetter <jubalh at iodoru.org>

Committed to 2019.02.x and 2019.08.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list