[Buildroot] [PATCH 1/1] package/libraw: security bump to version 0.20.0
Peter Korsgaard
peter at korsgaard.com
Fri Sep 11 21:07:55 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fix CVE-2020-15503: LibRaw before 0.20-RC1 lacks a thumbnail size
> range check. This affects decoders/unpack_thumb.cpp,
> postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example,
> malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
> validating T.tlength.
> - zlib is an optional dependency since
> https://github.com/LibRaw/LibRaw/commit/b63f017b063edb5e7091e3952ee20cb4d002edbe
> Also update indentation in hash file (two spaces) as well as README.md
> hash, no license changes:
> - https://github.com/LibRaw/LibRaw/commit/d1975cb0e055d2bfe58c9d845c9a3e57c346a2f9
> - https://github.com/LibRaw/LibRaw/commit/d38361b76e1a405a25b11165a1ee5495fc899246
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2020.02.x, 2020.05.x and 2020.08.x, thanks.
--
Bye, Peter Korsgaard
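
The allocation pattern named in the CVE text quoted above, next to a range-checked form, as an added example that is not code from LibRaw or from this patch. `thumb_image_t`, `THUMB_MAX_LEN` and both function names are hypothetical stand-ins, and the bound is an assumed policy value, not LibRaw's.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for libraw_processed_image_t: a small header
   followed by the thumbnail bytes. Not LibRaw's real layout. */
typedef struct {
    uint32_t data_size;
    unsigned char data[];
} thumb_image_t;

/* Assumed upper bound for this example only (64 MiB). */
#define THUMB_MAX_LEN (64u * 1024u * 1024u)

/* What malloc(sizeof(header) + tlength) asks for where size_t is 32 bits:
   the sum is taken modulo 2^32, so a huge file-supplied length wraps to a
   request smaller than the header itself. */
uint32_t unchecked_request_size32(uint32_t tlength)
{
    return (uint32_t)((uint32_t)sizeof(thumb_image_t) + tlength);
}

/* Range-checked form: reject the length before any arithmetic or copy.
   src/src_len model the bytes actually read from the file. */
thumb_image_t *alloc_thumb_checked(const unsigned char *src, size_t src_len,
                                   uint32_t tlength)
{
    if (tlength == 0 || tlength > THUMB_MAX_LEN)
        return NULL;                 /* outside the accepted range */
    if (src == NULL || (size_t)tlength > src_len)
        return NULL;                 /* claims more data than exists */

    thumb_image_t *img = malloc(sizeof(*img) + tlength);
    if (img == NULL)
        return NULL;

    img->data_size = tlength;
    memcpy(img->data, src, tlength);
    return img;                      /* caller frees */
}
```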