author | Armin Kuster <akuster@mvista.com> | 2016-02-07 11:44:07 -0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-02-08 14:13:40 +0100 |
commit | a7c1a2b0e6947740758136216e45ca6ca66321fc (patch) | |
tree | 438e5706591ccf323260e4f01205ddcf672bd18d | |
parent | 7cb8c764e73692adb501cbb76e72ef3373fc74c2 (diff) | |
download | meta-openembedded-a7c1a2b0e6947740758136216e45ca6ca66321fc.tar.gz |
php: Security fix CVE-2016-1903
CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated
Signed-off-by: Armin Kuster <akuster@mvista.com>
-rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch | 28 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php_5.5.21.bb | 1 |
2 files changed, 29 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch b/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch
new file mode 100644
index 000000000..46c9a24ac
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch
@@ -0,0 +1,28 @@
+From aa8d3a8cc612ba87c0497275f58a2317a90fb1c4 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 12 Jan 2016 13:52:27 +0100
+Subject: [PATCH] fix the fix for bug #70976 (imagerotate)
+
+Upstream-Status: Backport
+https://github.com/php/php-src/commit/aa8d3a8cc612ba87c0497275f58a2317a90fb1c4
+
+CVE: CVE-2016-1903
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ext/gd/libgd/gd_interpolation.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: php-5.5.21/ext/gd/libgd/gd_interpolation.c
+===================================================================
+--- php-5.5.21.orig/ext/gd/libgd/gd_interpolation.c
++++ php-5.5.21/ext/gd/libgd/gd_interpolation.c
+@@ -2162,7 +2162,7 @@ gdImagePtr gdImageRotateInterpolated(con
+ images can be done at a later point.
+ */
+ if (src->trueColor == 0) {
+- if (bgcolor >= 0) {
++ if (bgcolor < gdMaxColors) {
+ bgcolor = gdTrueColorAlpha(src->red[bgcolor], src->green[bgcolor], src->blue[bgcolor], src->alpha[bgcolor]);
+ }
+ gdImagePaletteToTrueColor(src);
diff --git a/meta-oe/recipes-devtools/php/php_5.5.21.bb b/meta-oe/recipes-devtools/php/php_5.5.21.bb
index ed286d6a8..6bdd1c5da 100644
--- a/meta-oe/recipes-devtools/php/php_5.5.21.bb
+++ b/meta-oe/recipes-devtools/php/php_5.5.21.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
 file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \
 file://CVE-2015-7803.patch \
 file://CVE-2015-7804.patch \
+ file://CVE-2016-1903.patch \
 "
 SRC_URI_append_class-target += " \ |
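Review bot: In CVE-2016-1903.patch, the backported condition `if (bgcolor < gdMaxColors)` adds the upper bound but drops the lower bound that `if (bgcolor >= 0)` provided. A negative bgcolor would then index `src->red[bgcolor]` and the other palette arrays before their start, unless it is rejected earlier in gdImageRotateInterpolated, whose body starts and ends outside the hunk. The embedded diffstat reports `4 ++--` for gd_interpolation.c while the hunk carries only one replaced line, so part of the upstream change may not have been carried over to the 5.5.21 tree; this should be confirmed against the upstream commit. If no earlier negative check exists in this version, keep both bounds: `if (bgcolor >= 0 && bgcolor < gdMaxColors) {`.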