- Fix CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows
context-dependent attackers to cause a denial of service (segmentation
fault and application crash) via a crafted image entry offset in an
ICO file, which triggers an out-of-bounds read, related to compiler
optimizations.
- Fix CVE-2017-6313: Integer underflow in the load_resources function in
io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a
denial of service (out-of-bounds read and program crash) via a crafted
image entry size in an ICO file.
- Fix CVE-2017-6314: The make_available_at_least function in io-tiff.c
in gdk-pixbuf allows context-dependent attackers to cause a denial of
service (infinite loop) via a large TIFF file.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.10.sha256sum
-sha256 f8f6fa896b89475c73b6e9e8d2a2b062fc359c4b4ccb8e96470d6ab5da949ace gdk-pixbuf-2.36.10.tar.xz
+# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.12.sha256sum
+sha256 fff85cf48223ab60e3c3c8318e2087131b590fd6f1737e42cb3759a3b427a334 gdk-pixbuf-2.36.12.tar.xz
# Locally calculated
-sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5 COPYING
+sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5 COPYING
################################################################################
GDK_PIXBUF_VERSION_MAJOR = 2.36
-GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).10
+GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).12
GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz
GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR)
GDK_PIXBUF_LICENSE = LGPL-2.0+
projects / buildroot.git / commitdiff