e224495ce1
* gnu/packages/patches/jasper-CVE-2016-1557.patch, gnu/packages/patches/jasper-CVE-2016-2089.patch, gnu/packages/patches/jasper-CVE-2016-2116.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/image.scm (jasper)[source]: Add patches.
20 lines
728 B
Diff
20 lines
728 B
Diff
Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()
|
|
Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12
|
|
Bug-Ubuntu: https://launchpad.net/bugs/1547865
|
|
Bug-Debian: https://bugs.debian.org/816625
|
|
Forwarded: not-needed
|
|
Author: Tyler Hicks <tyhicks@canonical.com>
|
|
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
|
|
Last-Update: 2016-03-05
|
|
|
|
--- a/src/libjasper/base/jas_icc.c
|
|
+++ b/src/libjasper/base/jas_icc.c
|
|
@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
|
|
if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
|
|
goto error;
|
|
jas_iccattrval_destroy(attrval);
|
|
+ attrval = 0;
|
|
} else {
|
|
#if 0
|
|
jas_eprintf("warning: skipping unknown tag type\n");
|