[oe-commits] [meta-openembedded] 06/07: php: Security fix CVE-2016-1903

git at git.openembedded.org git at git.openembedded.org
Mon Feb 8 13:10:18 UTC 2016 

martin_jansa pushed a commit to branch fido-next
in repository meta-openembedded.

commit a7c1a2b0e6947740758136216e45ca6ca66321fc
Author: Armin Kuster <akuster at mvista.com>
AuthorDate: Sun Feb 7 11:44:07 2016 -0800

    php: Security fix CVE-2016-1903
    
    CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated
    
    Signed-off-by: Armin Kuster <akuster at mvista.com>
---
 .../recipes-devtools/php/php/CVE-2016-1903.patch   | 28 ++++++++++++++++++++++
 meta-oe/recipes-devtools/php/php_5.5.21.bb         |  1 +
 2 files changed, 29 insertions(+)

diff --git a/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch b/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch
new file mode 100644
index 0000000..46c9a24
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch
@@ -0,0 +1,28 @@
+From aa8d3a8cc612ba87c0497275f58a2317a90fb1c4 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi at php.net>
+Date: Tue, 12 Jan 2016 13:52:27 +0100
+Subject: [PATCH] fix the fix for bug #70976 (imagerotate)
+
+Upstream-Status: Backport
+https://github.com/php/php-src/commit/aa8d3a8cc612ba87c0497275f58a2317a90fb1c4
+
+CVE: CVE-2016-1903
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+---
+ ext/gd/libgd/gd_interpolation.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: php-5.5.21/ext/gd/libgd/gd_interpolation.c
+===================================================================
+--- php-5.5.21.orig/ext/gd/libgd/gd_interpolation.c
++++ php-5.5.21/ext/gd/libgd/gd_interpolation.c
+@@ -2162,7 +2162,7 @@ gdImagePtr gdImageRotateInterpolated(con
+ 	   images can be done at a later point.
+ 	*/
+ 	if (src->trueColor == 0) {
+-		if (bgcolor >= 0) {
++		if (bgcolor < gdMaxColors) {
+ 			bgcolor =  gdTrueColorAlpha(src->red[bgcolor], src->green[bgcolor], src->blue[bgcolor], src->alpha[bgcolor]);
+ 		}
+ 		gdImagePaletteToTrueColor(src);
diff --git a/meta-oe/recipes-devtools/php/php_5.5.21.bb b/meta-oe/recipes-devtools/php/php_5.5.21.bb
index ed286d6..6bdd1c5 100644
--- a/meta-oe/recipes-devtools/php/php_5.5.21.bb
+++ b/meta-oe/recipes-devtools/php/php_5.5.21.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
            file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
            file://CVE-2015-7803.patch \
            file://CVE-2015-7804.patch \
+           file://CVE-2016-1903.patch \
           "
 
 SRC_URI_append_class-target += " \

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list