projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3b1d9f7) | patch
package/jasper: Apply fix for CVE-2018-19541
authorMichael Vetter <jubalh@iodoru.org>
Mon, 2 Dec 2019 11:59:32 +0000 (12:59 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 2 Dec 2019 12:39:33 +0000 (13:39 +0100)
commitfddee3cf7436bd39d08c30a83a15ee9687e88401
treece879bb13acc69c473c6dc6583affa4e2ec7881ctree
parent3b1d9f74c7bc86a2a626bd38a98b34c77a6465a6commit | diff
package/jasper: Apply fix for CVE-2018-19541

Add 0001-verify-data-range-CVE-2018-19541.patch:
We need to verify the data is in the expected range. Otherwise we get
problems later.

Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/211
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/jasper/0001-verify-data-range-CVE-2018-19541.patch [new file with mode: 0644] blob