[Buildroot] [git commit branch/2020.02.x] package/openjpeg: add CVE-2020-15389 entry

Peter Korsgaard peter at korsgaard.com
Fri Aug 28 17:45:21 UTC 2020


commit: https://git.buildroot.net/buildroot/commit/?id=1ee1539bd04cd85b6a5bda02eef8bffddd4b529d
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2020.02.x

Commit b006cc373f96ec86c027779e113c8f70bc40d1c3 forgot to add
the OPENJPEG_IGNORE_CVES entry

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
(cherry picked from commit 77ef9c333cdc13d1a51d88dbad8c4459c2dca156)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/openjpeg/openjpeg.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/openjpeg/openjpeg.mk b/package/openjpeg/openjpeg.mk
index 1ff3111d64..b65dbce807 100644
--- a/package/openjpeg/openjpeg.mk
+++ b/package/openjpeg/openjpeg.mk
@@ -20,6 +20,9 @@ OPENJPEG_IGNORE_CVES += CVE-2020-6851
 # 0007-opj_tcd_init_tile-avoid-integer-overflow.patch
 OPENJPEG_IGNORE_CVES += CVE-2020-8112
 
+# 0008-opj_decompress-fix-double-free-on-input-directory-with-mix-of-valid.patch
+OPENJPEG_IGNORE_CVES += CVE-2020-15389
+
 OPENJPEG_DEPENDENCIES += $(if $(BR2_PACKAGE_ZLIB),zlib)
 OPENJPEG_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBPNG),libpng)
 OPENJPEG_DEPENDENCIES += $(if $(BR2_PACKAGE_TIFF),tiff)


More information about the buildroot mailing list