NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libjxl: security bump to version 0.8.2

Browse Source 
Fix CVE-2023-35790: An issue was discovered in dec_patch_dictionary.cc
in libjxl before 0.8.2. An integer underflow in patch decoding can lead
to a denial of service, such as an infinite loop.

https://github.com/libjxl/libjxl/releases/tag/v0.8.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Julien Olivain <ju.o@free.fr>
Tested-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e4572cc705)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2023-09-14 23:56:06 +02:00 committed by Peter Korsgaard
parent 7fe9b7eb8f
commit 5944ae28a3
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/libjxl/libjxl.hash
View File

@ -1,4 +1,4 @@
# Locally computed:
sha256 60f43921ad3209c9e180563025eda0c0f9b1afac51a2927b9ff59fff3950dc56 libjxl-0.8.1.tar.gz
sha256 c70916fb3ed43784eb840f82f05d390053a558e2da106e40863919238fa7b420 libjxl-0.8.2.tar.gz
sha256 8405932022a556380c2d8c272eff154a923feb197233f348ce5f7334fb0a5ede LICENSE
sha256 91915f8ae056a68a3c5bdf05d9f6f78bb6903e27a8ca3a8434c9e4ac87300575 PATENTS

2
package/libjxl/libjxl.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
LIBJXL_VERSION = 0.8.1
LIBJXL_VERSION = 0.8.2
LIBJXL_SITE = $(call github,libjxl,libjxl,v$(LIBJXL_VERSION))
LIBJXL_LICENSE = BSD-3-Clause
LIBJXL_LICENSE_FILES = LICENSE PATENTS