Buildroot Archive on lore.kernel.org
From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/2] package/libpng: bump version to 1.6.32
Date: Wed, 06 Sep 2017 14:07:40 +0200
Message-ID: <87lglsdo8j.fsf@dell.be.48ers.dk>
In-Reply-To: <20170902142956.22181-1-bernd.kuhls@t-online.de> (Bernd Kuhls's message of "Sat, 2 Sep 2017 16:29:55 +0200")

>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:

 > Added md5 hash provided by upstream.
 > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

It would have been good to mention that this fixes a security issue
introduced in 1.6.31, so a candidate for 2017.08.x:

Vulnerability Warning

libpng version 1.6.31 added png_handle_eXIf(), which has a
null-pointer-dereference bug as well as a potential memory leak. Insofar
as the function has existed for only four weeks and the chunk itself for
only six, it's unlikely there are any applications affected by it at
this time, but they might come into existence in the future. The
vulnerability is fixed in version 1.6.32, released on 24 August 2017.

-- 
Bye, Peter Korsgaard
