package/giflib/0003-Fix-CVE-2023-39742.patch: New security patch
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> [yann.morin.1998@free.fr: extend GIFLIB_IGNORE_CVES] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
parent
4a93a83196
commit
74253ffee5
36
package/giflib/0003-Fix-CVE-2023-39742.patch
Normal file
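--- /dev/null
+++ b/package/giflib/0003-Fix-CVE-2023-39742.patch
@@ -0,0 +1,36 @@
+From 4288b993ee9df6550a367fe06ede3c003dc7bbc6 Mon Sep 17 00:00:00 2001
+From: Sandro Mani <manisandro@gmail.com>
+Date: Tue, 5 Dec 2023 16:35:40 -0700
+Subject: [PATCH] Fix CVE-2023-39742
+
+From: giflib-5.2.1-17.fc39.src.rpm
+Fix segmentation faults due to non correct checking for args
+Fixes: https://nvd.nist.gov/vuln/detail/CVE-2023-39742
+Upstream: https://sourceforge.net/p/giflib/bugs/166/
+
+Signed-off-by: Sandro Mani <manisandro@gmail.com>
+Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
+---
+getarg.c | 6 ++++++
+1 file changed, 6 insertions(+)
+
+diff --git a/getarg.c b/getarg.c
+index d569f6c..51fbe0b 100644
+--- a/getarg.c
++++ b/getarg.c
+@@ -307,6 +307,12 @@ GAGetParmeters(void *Parameters[],
+int i = 0, ScanRes;
+
+while (!(ISSPACE(CtrlStrCopy[i]))) {
++
++ if ((*argv) == argv_end) {
++ GAErrorToken = Option;
++ return CMD_ERR_NumRead;
++ }
++
+switch (CtrlStrCopy[i + 1]) {
+case 'd': /* Get signed integers. */
+ScanRes = sscanf(*((*argv)++), "%d",
+--
+2.43.0
+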
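Review bot: The guard added at the top of the `while` loop in `GAGetParmeters` carries no comment saying what it protects against, and it reports an exhausted argument list as `CMD_ERR_NumRead`, which by its name looks like the code for a value that failed to parse. A one-line comment above the check would make the intent clear to the next reader, for example `/* No argument left: the sscanf() below would dereference *argv past the end. */`. The test compares `*argv` for equality with `argv_end`, so it depends on `argv_end` pointing exactly one past the last argument and on `*argv` only advancing one slot per iteration; `argv_end` is declared outside the hunk, so that should be confirmed against the full function. The function body starts before and continues after the lines shown here.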
@ -13,6 +13,8 @@ GIFLIB_CPE_ID_VENDOR = giflib_project
|
|||||||
|
|
||||||
# 0002-Fix-CVE-2022-28506.patch
|
# 0002-Fix-CVE-2022-28506.patch
|
||||||
GIFLIB_IGNORE_CVES = CVE-2022-28506
|
GIFLIB_IGNORE_CVES = CVE-2022-28506
|
||||||
|
# 0003-Fix-CVE-2023-39742.patch
|
||||||
|
GIFLIB_IGNORE_CVES += CVE-2023-39742
|
||||||
|
|
||||||
ifeq ($(BR2_STATIC_LIBS),y)
|
ifeq ($(BR2_STATIC_LIBS),y)
|
||||||
GIFLIB_BUILD_LIBS = static-lib
|
GIFLIB_BUILD_LIBS = static-lib
|
||||||
|