projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7fe3741) | patch
package/jpeg-turbo: add upstream security fixes
authorBaruch Siach <baruch@tkos.co.il>
Tue, 12 Feb 2019 13:28:27 +0000 (15:28 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 12 Feb 2019 18:59:46 +0000 (19:59 +0100)
commitf60925beda57b67d0ce9c8bd5fc4b237f09e2024
treebf0df04e7e1a2933c83fdcaff09381a487a715e6tree
parent7fe3741bc4197f6bff48236f357f5db1269586c7commit | diff
package/jpeg-turbo: add upstream security fixes

CVE-2018-20330: Integer overflow causing segfault occurred when
attempting to load a BMP file with more than 1 billion pixels using the
`tjLoadImage()` function.

CVE-2018-19664: Buffer overrun occurred when attempting to decompress a
specially-crafted malformed JPEG image to a 256-color BMP using djpeg.

Cc: Murat Demirten <mdemirten@yh.com.tr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/jpeg-turbo/0001-tjLoadImage-Fix-int-overflow-segfault-w-big-BMP.patch [new file with mode: 0644] blob
package/jpeg-turbo/0002-wrbmp.c-Don-t-allow-quantization-w-non-RGB-CS.patch [new file with mode: 0644] blob