Date: Sun, 15 Aug 2021 16:55:23 +0200
From: Thomas Petazzoni
To: Fabrice Fontaine
Cc: buildroot@buildroot.org
Message-ID: <20210815165523.5ed39155@windsurf>
In-Reply-To: <20210814204354.352402-1-fontaine.fabrice@gmail.com>
Subject: Re: [Buildroot] [PATCH 1/1] package/gd: fix CVE-2021-38115

On Sat, 14 Aug 2021 22:43:54 +0200
Fabrice Fontaine wrote:

> read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
> through 2.3.2 allows remote attackers to cause a denial of service
> (out-of-bounds read) via a crafted TGA file.
>
> Signed-off-by: Fabrice Fontaine
> ---
>  ...-of-bands-in-reading-tga-header-file.patch | 29 +++++++++++++++++++
>  package/gd/gd.mk                              |  3 ++
>  2 files changed, 32 insertions(+)
>  create mode 100644 package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com