projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 61703b8) | patch
package/jasper: Apply fix for CVE-2018-19540
authorMichael Vetter <jubalh@iodoru.org>
Mon, 2 Dec 2019 11:59:34 +0000 (12:59 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 2 Dec 2019 12:40:00 +0000 (13:40 +0100)
commit332a851a08153887f68c97f49c7fbdc163f24e5b
tree5f9cbc451272da2d0ab4df89411b6edfe7139e64tree
parent61703b82cdcbd32dd27e8a8f2de31dfa45e6a2b1commit | diff
package/jasper: Apply fix for CVE-2018-19540

Add 0003-test-asclen-CVE-2018-19540.patch:
If txtdesc->asclen is < 1, the array index of
txtdesc->ascdata will be negative which causes the heap based overflow.

Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/198
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/jasper/0003-test-asclen-CVE-2018-19540.patch [new file with mode: 0644] blob