mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 17:59:59 +00:00
Catalin Enache
f66465d4d5
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10167 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10168 Upstream patches: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This layer depends on:
URI: git://github.com/openembedded/oe-core.git
branch: master
revision: HEAD
Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-oe]' in the subject'
When sending single patches, please use something like:
'git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix=meta-oe][PATCH'
You are encouraged to fork the mirror on github https://github.com/openembedded/meta-oe/ to share your patches, this is preferred for patch sets consisting of more than one patch. Other services like gitorious, repo.or.cz or self hosted setups are of course accepted as well, 'git fetch <remote>' works the same on all of them. We recommend github because it is free, easy to use, has been proven to be reliable and has a really good web GUI.
Main layer maintainer: Koen Kooi <koen@dominion.thruhere.net>
Martin Jansa <martin.jansa@gmail.com>