[oe-commits] Li Wang : librsvg: CVE-2011-3146
git at git.openembedded.org
git at git.openembedded.org
Mon Jan 7 11:35:57 UTC 2013
Module: openembedded-core.git
Branch: danny
Commit: fdd6da5933a3e7dd1e0ca2afd7107839b4fa65e8
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=fdd6da5933a3e7dd1e0ca2afd7107839b4fa65e8
Author: Li Wang <li.wang at windriver.com>
Date: Mon Jan 7 11:10:02 2013 +0000
librsvg: CVE-2011-3146
Store node type separately in RsvgNode
commit 34c95743ca692ea0e44778e41a7c0a129363de84 upstream
The node name (formerly RsvgNode:type) cannot be used to infer
the sub-type of RsvgNode that we're dealing with, since for unknown
elements we put type = node-name. This lead to a (potentially exploitable)
crash e.g. when the element name started with "fe" which tricked
the old code into considering it as a RsvgFilterPrimitive.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3146
https://bugzilla.gnome.org/show_bug.cgi?id=658014
[YOCTO #3581]
[ CQID: WIND00376773 ]
Upstream-Status: Backport
Signed-off-by: Li Wang <li.wang at windriver.com>
Signed-off-by: Saul Wold <sgw at linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
.../librsvg-2.32.1/librsvg-CVE-2011-3146.patch | 1088 ++++++++++++++++++++
meta/recipes-gnome/librsvg/librsvg_2.32.1.bb | 6 +-
2 files changed, 1092 insertions(+), 2 deletions(-)
Diff: http://git.openembedded.org/?p=openembedded-core.git/?a=commitdiff;h=fdd6da5933a3e7dd1e0ca2afd7107839b4fa65e8
More information about the Openembedded-commits
mailing list