kumquat-buildroot

NetCube-Systems-Austria/kumquat-buildroot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michael Vetter	332a851a08	package/jasper: Apply fix for CVE-2018-19540 Add 0003-test-asclen-CVE-2018-19540.patch: If txtdesc->asclen is < 1, the array index of txtdesc->ascdata will be negative which causes the heap based overflow. Patch was proposed upstream[1] but upstream is very inactive. Linux distributions use the same fix to patch their packages. 1: https://github.com/mdadams/jasper/pull/198 Signed-off-by: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2019-12-02 13:40:00 +01:00

Author

SHA1

Message

Date

Michael Vetter

332a851a08

package/jasper: Apply fix for CVE-2018-19540

Add 0003-test-asclen-CVE-2018-19540.patch:
If txtdesc->asclen is < 1, the array index of
txtdesc->ascdata will be negative which causes the heap based overflow.

Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/198
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2019-12-02 13:40:00 +01:00

1 Commits