From: Gyorgy Sarvari via lists.openembedded.org <[email protected]>
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-4696 Pick the patch that mentions the vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../libwmf/libwmf/CVE-2015-4696.patch | 37 +++++++++++++++++++ .../recipes-extended/libwmf/libwmf_0.2.8.4.bb | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4696.patch diff --git a/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4696.patch b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4696.patch new file mode 100644 index 0000000000..bd5fc4d85f --- /dev/null +++ b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4696.patch @@ -0,0 +1,37 @@ +From f743ef455dfb1faade0ca5290994087ef8b12a98 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <[email protected]> +Date: Wed, 8 Aug 2018 14:00:49 +0100 +Subject: [PATCH] CVE-2015-4696 + +CVE: CVE-2015-4696 +Upstream-Status: Backport [https://github.com/caolanm/libwmf/commit/f47cbdf96838c2daa7b8e489f59e62371d33352a] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/player/meta.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/player/meta.h b/src/player/meta.h +index 3e13688..f86c5f9 100644 +--- a/src/player/meta.h ++++ b/src/player/meta.h +@@ -2585,6 +2585,8 @@ static int meta_dc_restore (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlis + polyrect.BR[i] = clip->rects[i].BR; + } + ++ if (FR->region_clip) FR->region_clip (API,&polyrect); ++ + wmf_free (API,polyrect.TL); + wmf_free (API,polyrect.BR); + } +@@ -2593,9 +2595,10 @@ static int meta_dc_restore (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlis + polyrect.BR = 0; + + polyrect.count = 0; ++ ++ if (FR->region_clip) FR->region_clip (API,&polyrect); + } + +- if (FR->region_clip) FR->region_clip (API,&polyrect); + + return (changed); + } diff --git a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb index 364bf4b022..e1f94172ae 100644 --- a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb +++ b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb @@ -21,6 +21,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/wvware/${BPN}/${PV}/${BPN}-${PV}.tar.gz;name=ta file://0001-configure-use-pkg-config-for-freetype.patch \ file://CVE-2015-0848-CVE-2015-4588.patch \ file://CVE-2015-4695.patch \ + file://CVE-2015-4696.patch \ " SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#121847): https://lists.openembedded.org/g/openembedded-devel/message/121847 Mute This Topic: https://lists.openembedded.org/mt/116354045/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
