]> rtime.felk.cvut.cz Git - coffee/buildroot.git/commitdiff
projects / coffee / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6f44283)
openjpeg: security bump to version 2.2.0
authorOlivier Schonken <olivier.schonken@gmail.com>
Mon, 28 Aug 2017 13:54:35 +0000 (15:54 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 7 Sep 2017 13:10:40 +0000 (15:10 +0200)
Fixes the following security issues:

CVE-2016-10504: Heap-based buffer overflow vulnerability in the
opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote
attackers to cause a denial of service (application crash) via a crafted bmp
file.

CVE-2016-10505: NULL pointer dereference vulnerabilities in the imagetopnm
function in convert.c, sycc444_to_rgb function in color.c,
color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in
color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of
service (application crash) via crafted j2k files.

CVE-2016-10506: Division-by-zero vulnerabilities in the functions
opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG
before 2.2.0 allow remote attackers to cause a denial of service
(application crash) via crafted j2k files.

CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function
in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a
denial of service (heap-based buffer over-read and application crash) via a
crafted bmp file.

[Peter: extend commit message with security fixes info]
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 37b2fe73cff726ac05cdb200e803f267a48721f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/openjpeg/openjpeg.hash patch | blob | history
package/openjpeg/openjpeg.mk patch | blob | history

diff --git a/package/openjpeg/openjpeg.hash b/package/openjpeg/openjpeg.hash
index c0abd0c54d7c251146271eada814fe7ce2331d14..0e51aaec5ea470a1fc43b6a19ca8d756a42c16a1 100644 (file)
--- a/package/openjpeg/openjpeg.hash
+++ b/package/openjpeg/openjpeg.hash
@@ -1,2 +1,2 @@
 # Locally computed:
-sha256 4ce77b6ef538ef090d9bde1d5eeff8b3069ab56c4906f083475517c2c023dfa7  openjpeg-2.1.2.tar.gz
+sha256 6fddbce5a618e910e03ad00d66e7fcd09cc6ee307ce69932666d54c73b7c6e7b  openjpeg-2.2.0.tar.gz
diff --git a/package/openjpeg/openjpeg.mk b/package/openjpeg/openjpeg.mk
index ca22068113a306fae3fa10563fb82076123086a5..e67171305fa0ab915391ad3f6d859d86764aa1d0 100644 (file)
--- a/package/openjpeg/openjpeg.mk
+++ b/package/openjpeg/openjpeg.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENJPEG_VERSION = 2.1.2
+OPENJPEG_VERSION = 2.2.0
 OPENJPEG_SITE = $(call github,uclouvain,openjpeg,v$(OPENJPEG_VERSION))
 OPENJPEG_LICENSE = BSD-2c
 OPENJPEG_LICENSE_FILES = LICENSE