mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
gimp: patch CVE-2023-44442
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-44442 Backport the patch that resolved the related upstream issue[1]. [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/10101 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -0,0 +1,28 @@
|
|||||||
|
From a4f550be80f2f771927e2df9ae09e3f3354d22f1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alx Sa <cmyk.student@gmail.com>
|
||||||
|
Date: Fri, 29 Sep 2023 20:39:29 +0000
|
||||||
|
Subject: [PATCH] plug-ins: Fix vulnerability in file-psd
|
||||||
|
|
||||||
|
Resolves #10101.
|
||||||
|
This patch adds a missing break statement after an error condition
|
||||||
|
is detected to prevent the code from continuing afterwards.
|
||||||
|
|
||||||
|
CVE: CVE-2023-44442
|
||||||
|
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
plug-ins/file-psd/psd-util.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/plug-ins/file-psd/psd-util.c b/plug-ins/file-psd/psd-util.c
|
||||||
|
index 5686bb7..8514b07 100644
|
||||||
|
--- a/plug-ins/file-psd/psd-util.c
|
||||||
|
+++ b/plug-ins/file-psd/psd-util.c
|
||||||
|
@@ -518,6 +518,7 @@ decode_packbits (const gchar *src,
|
||||||
|
{
|
||||||
|
IFDBG(2) g_debug ("Overrun in packbits replicate of %d chars", n - unpack_left);
|
||||||
|
error_code = 2;
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
memset (dst, *src, n);
|
||||||
|
src++;
|
||||||
@@ -49,6 +49,7 @@ SRC_URI = "https://download.gimp.org/pub/${BPN}/v${SHPV}/${BP}.tar.bz2 \
|
|||||||
file://CVE-2022-32990-2.patch \
|
file://CVE-2022-32990-2.patch \
|
||||||
file://CVE-2022-32990-3.patch \
|
file://CVE-2022-32990-3.patch \
|
||||||
file://CVE-2023-44441.patch \
|
file://CVE-2023-44441.patch \
|
||||||
|
file://CVE-2023-44442.patch \
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "88815daa76ed7d4277eeb353358bafa116cd2fcd2c861d95b95135c1d52b67dc"
|
SRC_URI[sha256sum] = "88815daa76ed7d4277eeb353358bafa116cd2fcd2c861d95b95135c1d52b67dc"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user