[Buildroot] [PATCH 3/3] package/jasper: Apply fix for CVE-2018-19540
peter at korsgaard.com
Fri Dec 6 08:21:59 UTC 2019
>>>>> "Michael" == Michael Vetter <jubalh at iodoru.org> writes:
> Add 0003-test-asclen-CVE-2018-19540.patch:
> If txtdesc->asclen is < 1, the array index of
> txtdesc->ascdata will be negative, which causes the heap-based overflow.
> Patch was proposed upstream but upstream is very inactive. Linux
> distributions use the same fix to patch their packages.
> 1: https://github.com/mdadams/jasper/pull/198
> Signed-off-by: Michael Vetter <jubalh at iodoru.org>
Committed to 2019.02.x and 2019.08.x, thanks.
Bye, Peter Korsgaard
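
The condition described in the quoted commit message, shown as an added sketch; this is not jasper's code or the Buildroot patch. Only the names txtdesc, asclen and ascdata come from the message; the struct, the 4-byte length-prefixed input layout and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the record named in the commit message;
   only the asclen and ascdata field names come from the page. */
typedef struct {
    uint32_t asclen;   /* length read from the input, untrusted */
    char *ascdata;     /* heap buffer of asclen bytes */
} txtdesc_t;

/* Index a terminator write at ascdata[asclen - 1] would use.
   For asclen == 0 this is -1: one byte before the allocation. */
int64_t terminator_index(uint32_t asclen)
{
    return (int64_t)asclen - 1;
}

/* Parse a constructed layout: 4-byte big-endian length, then that many
   bytes of text. Returns 0 on success, -1 on malformed input. */
int parse_txtdesc(const uint8_t *in, size_t inlen, txtdesc_t *txtdesc)
{
    txtdesc->asclen = 0;
    txtdesc->ascdata = NULL;
    if (inlen < 4)
        return -1;
    txtdesc->asclen = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                      ((uint32_t)in[2] << 8) | (uint32_t)in[3];
    /* The check the commit message describes: reject asclen < 1 before
       asclen - 1 is ever used as an index. */
    if (txtdesc->asclen < 1)
        return -1;
    /* Also refuse a length larger than the remaining input. */
    if (txtdesc->asclen > inlen - 4)
        return -1;
    txtdesc->ascdata = malloc(txtdesc->asclen);
    if (txtdesc->ascdata == NULL)
        return -1;
    memcpy(txtdesc->ascdata, in + 4, txtdesc->asclen);
    txtdesc->ascdata[txtdesc->asclen - 1] = '\0';  /* index is >= 0 here */
    return 0;
}
```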