guix-devel

Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024


From: Leo Famulari
Subject: Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024
Date: Sat, 23 Apr 2016 00:01:02 -0400
User-agent: Mutt/1.5.24 (2015-08-30)

On Fri, Apr 22, 2016 at 11:20:17PM -0400, Mark H Weaver wrote:
> Leo Famulari <address@hidden> writes:
> 
> > This applies a patch from imlib2's source code repository.
> >
> > The change fixes an integer overflow on 32-bit machines. The upstream
> > says:
> >
> > Security implications:
> > *) for 32-bit machines: insufficient heap allocation and heap overwrite
> > in many image loaders, with escalation potential to remote code
> > execution;
> > *) for 64-bit machines: it seems, no impact.
> >
> > In the patch file, there are references to imlib2's source repo and the
> > CVE page on Mitre.
> >
> > I tested that feh and scrot still work with this change.
> 
> Looks good to me.  Please push.

Done as e993fb84
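
Added example, not part of this thread and not imlib2's code: a sketch of why the quoted upstream note separates 32-bit from 64-bit machines, showing a pixel-buffer size that wraps in 32-bit arithmetic next to a checked computation. The function names, the 4-bytes-per-pixel figure and the dimensions are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4u  /* assumption: 32-bit ARGB pixels */

/* Size as computed where size_t is 32 bits wide: the product is reduced
 * modulo 2^32, so the buffer can be far smaller than the image data. */
uint32_t pixel_bytes_unchecked32(uint32_t w, uint32_t h)
{
    return w * h * BYTES_PER_PIXEL;
}

/* Checked size. size_max models SIZE_MAX of the target: UINT32_MAX for a
 * 32-bit machine, UINT64_MAX for a 64-bit one. Returns false instead of
 * handing back a wrapped value. */
bool pixel_bytes_checked(uint32_t w, uint32_t h, uint64_t size_max,
                         uint64_t *out)
{
    if (w == 0 || h == 0)
        return false;
    uint64_t pixels = (uint64_t)w * h;        /* two 32-bit factors fit in 64 bits */
    if (pixels > size_max / BYTES_PER_PIXEL)  /* divide so the check cannot wrap */
        return false;
    *out = pixels * BYTES_PER_PIXEL;
    return true;
}

int main(void)
{
    uint32_t w = 32768, h = 32769;  /* constructed header dimensions */
    uint64_t need = 0;

    printf("unchecked 32-bit size: %u bytes\n",
           (unsigned)pixel_bytes_unchecked32(w, h));
    if (pixel_bytes_checked(w, h, UINT64_MAX, &need))
        printf("64-bit size_t: %llu bytes\n", (unsigned long long)need);
    if (!pixel_bytes_checked(w, h, UINT32_MAX, &need))
        printf("32-bit size_t: rejected, size does not fit\n");
    return 0;
}
```

With these dimensions the unchecked 32-bit result is 128 KiB for an image that needs just over 4 GiB, which is the "insufficient heap allocation" case; a loader that rejects the image when the check fails never reaches the allocation.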


