From: Zhang Peng <[email protected]> Changelog: * Compilation fixes for libxml 2.13 * Fix ABR in gsf-vba-dump. * Teach gsf (the tool) to handle odf properties. * Fix integer overflows affecting memory allocation. * Add missing "DocumentStatus" ole2 property. * Avoid some undefined C behaviour in overflow checks.
Security fixes: CVE-2024-42415 An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. CVE-2024-36474 An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Reference: [https://gitlab.gnome.org/GNOME/libgsf/-/issues/34] (master rev: 6ed5891c18fc78a69764af0a29ad9b5feefb1aa8) Signed-off-by: Zhang Peng <[email protected]> --- .../libgsf/{libgsf_1.14.52.bb => libgsf_1.14.53.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-gnome/recipes-gnome/libgsf/{libgsf_1.14.52.bb => libgsf_1.14.53.bb} (72%) diff --git a/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.52.bb b/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb similarity index 72% rename from meta-gnome/recipes-gnome/libgsf/libgsf_1.14.52.bb rename to meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb index 7e1842b1ac..ffa24e8120 100644 --- a/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.52.bb +++ b/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb @@ -9,8 +9,8 @@ DEPENDS= "libxml2 bzip2 glib-2.0 zlib" GNOMEBASEBUILDCLASS = "autotools" inherit gnomebase gobject-introspection gettext gtk-doc -SRC_URI[archive.sha256sum] = "9181c914b9fac0e05d6bcaa34c7b552fe5fc0961d3c9f8c01ccc381fb084bcf0" -SRC_URI += "file://0001-configure.ac-drop-a-copy-paste-of-introspection.m4-m.patch" +SRC_URI[archive.sha256sum] = "0eb59a86e0c50f97ac9cfe4d8cc1969f623f2ae8c5296f2414571ff0a9e8bcba" +SRC_URI += " file://0001-configure.ac-drop-a-copy-paste-of-introspection.m4-m.patch" PACKAGECONFIG ??= "" PACKAGECONFIG[gdk-pixbuf] = "--with-gdk-pixbuf,--without-gdk-pixbuf,gdk-pixbuf" -- 2.39.4
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#114180): https://lists.openembedded.org/g/openembedded-devel/message/114180 Mute This Topic: https://lists.openembedded.org/mt/109897135/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
