kumquat-buildroot/package/jasper
Michael Vetter 332a851a08 package/jasper: Apply fix for CVE-2018-19540
Add 0003-test-asclen-CVE-2018-19540.patch:
If txtdesc->asclen is < 1, the array index of
txtdesc->ascdata will be negative which causes the heap based overflow.

Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/198
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 13:40:00 +01:00
..
0001-verify-data-range-CVE-2018-19541.patch
0002-check-null-in-jp2_decode-CVE-2018-19542.patch
0003-test-asclen-CVE-2018-19540.patch package/jasper: Apply fix for CVE-2018-19540 2019-12-02 13:40:00 +01:00
Config.in
jasper.hash
jasper.mk