e224495ce1
* gnu/packages/patches/jasper-CVE-2016-1557.patch, gnu/packages/patches/jasper-CVE-2016-2089.patch, gnu/packages/patches/jasper-CVE-2016-2116.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/image.scm (jasper)[source]: Add patches.
20 lines
586 B
Diff
20 lines
586 B
Diff
Description: CVE-2016-2116: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf()
|
|
Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12
|
|
Bug-Debian: https://bugs.debian.org/816626
|
|
Forwarded: not-needed
|
|
Author: Tyler Hicks <tyhicks@canoonical.com>
|
|
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
|
|
Last-Update: 2016-03-05
|
|
|
|
--- a/src/libjasper/base/jas_icc.c
|
|
+++ b/src/libjasper/base/jas_icc.c
|
|
@@ -1693,6 +1693,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf
|
|
jas_stream_close(in);
|
|
return prof;
|
|
error:
|
|
+ if (in)
|
|
+ jas_stream_close(in);
|
|
return 0;
|
|
}
|
|
|