guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: libpng: Mention CVE-2016-10087.

From: Leo Famulari
Subject: 01/01: gnu: libpng: Mention CVE-2016-10087.
Date: Fri, 30 Dec 2016 19:38:45 +0000 (UTC) 
lfam pushed a commit to branch master
in repository guix.

commit 858b9afeaf1b41dc524b50c568dccb38c8ef4e73
Author: Leo Famulari <address@hidden>
Date:   Fri Dec 30 14:29:48 2016 -0500

    gnu: libpng: Mention CVE-2016-10087.
    
    * gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: Rename to ...
    * gnu/packages/patches/libpng-CVE-2016-10087.patch: ... this.
    * gnu/local.mk (dist_patch_DATA): Adjust.
    * gnu/packages/image.scm (libpng/fixed)[source]: Use renamed patch.
---
 gnu/local.mk                                                        |    2 +-
 gnu/packages/image.scm                                              |    2 +-
 ...g-fix-null-ptr-dereference.patch => libpng-CVE-2016-10087.patch} |    3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index b7c182f..6963313 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -675,7 +675,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/libmad-armv7-thumb-pt2.patch            \
   %D%/packages/patches/libmad-frame-length.patch               \
   %D%/packages/patches/libmad-mips-newgcc.patch                        \
-  %D%/packages/patches/libpng-fix-null-ptr-dereference.patch   \
+  %D%/packages/patches/libpng-CVE-2016-10087.patch             \
   %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch                \
   %D%/packages/patches/libtar-CVE-2013-4420.patch \
   %D%/packages/patches/libtheora-config-guess.patch            \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 687596f..ab4d3b0 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -95,7 +95,7 @@ library.  It supports almost all PNG features and is 
extensible.")
     (source
       (origin
         (inherit (package-source libpng))
-        (patches (search-patches "libpng-fix-null-ptr-dereference.patch"))))))
+        (patches (search-patches "libpng-CVE-2016-10087.patch"))))))
 
 (define-public libpng-1.2
   (package
diff --git a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch 
b/gnu/packages/patches/libpng-CVE-2016-10087.patch
similarity index 87%
rename from gnu/packages/patches/libpng-fix-null-ptr-dereference.patch
rename to gnu/packages/patches/libpng-CVE-2016-10087.patch
index 1924591..8093b3e 100644
--- a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch
+++ b/gnu/packages/patches/libpng-CVE-2016-10087.patch
@@ -1,5 +1,6 @@
-Fix a null pointer dereference in png_set_text_2():
+Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():
 
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
 http://seclists.org/oss-sec/2016/q4/777
 
 Patch adapted from upstream source repository:
reply via email to
[Prev in Thread] Current Thread [Next in Thread]