[oe] [PATCH 6/7] php: Security fix CVE-2016-1903

Armin Kuster akuster808 at gmail.com
Sun Feb 7 21:11:58 UTC 2016 

From: Armin Kuster <akuster at mvista.com>

CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated

Signed-off-by: Armin Kuster <akuster at mvista.com>
---
 .../recipes-devtools/php/php/CVE-2016-1903.patch   | 28 ++++++++++++++++++++++
 meta-oe/recipes-devtools/php/php_5.5.21.bb         |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch

diff --git a/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch b/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch
new file mode 100644
index 0000000..46c9a24
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch
@@ -0,0 +1,28 @@
+From aa8d3a8cc612ba87c0497275f58a2317a90fb1c4 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi at php.net>
+Date: Tue, 12 Jan 2016 13:52:27 +0100
+Subject: [PATCH] fix the fix for bug #70976 (imagerotate)
+
+Upstream-Status: Backport
+https://github.com/php/php-src/commit/aa8d3a8cc612ba87c0497275f58a2317a90fb1c4
+
+CVE: CVE-2016-1903
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+---
+ ext/gd/libgd/gd_interpolation.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: php-5.5.21/ext/gd/libgd/gd_interpolation.c
+===================================================================
+--- php-5.5.21.orig/ext/gd/libgd/gd_interpolation.c
++++ php-5.5.21/ext/gd/libgd/gd_interpolation.c
+@@ -2162,7 +2162,7 @@ gdImagePtr gdImageRotateInterpolated(con
+ 	   images can be done at a later point.
+ 	*/
+ 	if (src->trueColor == 0) {
+-		if (bgcolor >= 0) {
++		if (bgcolor < gdMaxColors) {
+ 			bgcolor =  gdTrueColorAlpha(src->red[bgcolor], src->green[bgcolor], src->blue[bgcolor], src->alpha[bgcolor]);
+ 		}
+ 		gdImagePaletteToTrueColor(src);
diff --git a/meta-oe/recipes-devtools/php/php_5.5.21.bb b/meta-oe/recipes-devtools/php/php_5.5.21.bb
index ed286d6..6bdd1c5 100644
--- a/meta-oe/recipes-devtools/php/php_5.5.21.bb
+++ b/meta-oe/recipes-devtools/php/php_5.5.21.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
            file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
            file://CVE-2015-7803.patch \
            file://CVE-2015-7804.patch \
+           file://CVE-2016-1903.patch \
           "
 
 SRC_URI_append_class-target += " \
-- 
2.3.5

More information about the Openembedded-devel mailing list