From: Richard Purdie <[email protected]>

A vulnerability in the `xpmNextWord()` function could cause an internal pointer 
to read beyond the file's end due to improper validation of file boundaries. 
This issue was fixed in libXpm 3.5.19.

The changes between 3.5.18 and 3.5.19 contain only the fix to CVE-2026-4367.

Signed-off-by: Richard Purdie <[email protected]>
Signed-off-by: Enoch Ng <[email protected]>
(cherry picked from commit 1fc25a668ee8bbabf7e8e369b2d94867cd22243b)
[YC: changelog: 
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/compare/libXpm-3.5.18...libXpm-3.5.19
 ]
Signed-off-by: Yoann Congal <[email protected]>
---
 .../xorg-lib/{libxpm_3.5.18.bb => libxpm_3.5.19.bb}             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-lib/{libxpm_3.5.18.bb => libxpm_3.5.19.bb} 
(88%)

diff --git a/meta/recipes-graphics/xorg-lib/libxpm_3.5.18.bb 
b/meta/recipes-graphics/xorg-lib/libxpm_3.5.19.bb
similarity index 88%
rename from meta/recipes-graphics/xorg-lib/libxpm_3.5.18.bb
rename to meta/recipes-graphics/xorg-lib/libxpm_3.5.19.bb
index 94bf28232e9..32e052fd424 100644
--- a/meta/recipes-graphics/xorg-lib/libxpm_3.5.18.bb
+++ b/meta/recipes-graphics/xorg-lib/libxpm_3.5.19.bb
@@ -22,6 +22,6 @@ PACKAGES =+ "sxpm cxpm"
 FILES:cxpm = "${bindir}/cxpm"
 FILES:sxpm = "${bindir}/sxpm"
 
-SRC_URI[sha256sum] = 
"b4ed79bfc718000edee837d551c35286f0b84576db0ce07bbbebe60a4affa1e4"
+SRC_URI[sha256sum] = 
"ad3576d689221a39dc728f0e0dc02ca7bb6a0d724c9a77fd1bfa1e9af83be900"
 
 BBCLASSEXTEND = "native"
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240171): 
https://lists.openembedded.org/g/openembedded-core/message/240171
Mute This Topic: https://lists.openembedded.org/mt/120131921/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to