kumquat-buildroot

NetCube-Systems-Austria/kumquat-buildroot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Peter Korsgaard	52bfb4b1ce	libcroco: add upstream security fixes These have been added to upstream git after 0.6.12 was released. CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. For more details, see: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2017-04-26 09:20:16 +02:00

Author

SHA1

Message

Date

Peter Korsgaard

52bfb4b1ce

libcroco: add upstream security fixes

These have been added to upstream git after 0.6.12 was released.

CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco
0.6.11 and 0.6.12 allows remote attackers to cause a denial of service
(heap-based buffer over-read) via a crafted CSS file.

CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco
0.6.11 and 0.6.12 has an "outside the range of representable values of type
long" undefined behavior issue, which might allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified other
impact via a crafted CSS file.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2017-04-26 09:20:16 +02:00

1 Commits