godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-02 21:48:20 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
2019.02.x
buildroot/package/jasper
History
Michael Vetter c2a4de160d package/jasper: Apply fix for CVE-2018-19540 
Add 0003-test-asclen-CVE-2018-19540.patch:
If txtdesc->asclen is < 1, the array index of
txtdesc->ascdata will be negative which causes the heap based overflow.

Patch was proposed upstream[1] but upstream is very inactive. Linux
distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/198
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 332a851a08)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-06 09:21:10 +01:00
..
0001-verify-data-range-CVE-2018-19541.patch
package/jasper: Apply fix for CVE-2018-19541
2019-12-06 09:21:04 +01:00
0002-check-null-in-jp2_decode-CVE-2018-19542.patch
package/jasper: Apply fix for CVE-2018-19542
2019-12-06 09:21:07 +01:00
0003-test-asclen-CVE-2018-19540.patch
package/jasper: Apply fix for CVE-2018-19540
2019-12-06 09:21:10 +01:00
Config.in
jasper.hash
jasper.mk