Handle CVEs which I assessed originally to take
patches from other distributions.
Peter Marko (15):
uw-imap: patch CVE-2018-19518
spice: set CVE-2016-2150 status to fixed
id3lib: mark CVE-2007-4460 as fixed
procmail: patch CVE-2014-3618
procmail: patch CVE-2017-16844.
imagemagick: refactor so devtool upgrade works
imagemagick: upgrade 7.1.1-26 -> 7.1.1-43
imagemagick: mark CVE-2023-5341 as fixed
libwmf; switched to unofficial fork
limwmf: upgrade 0.2.8.4 -> 0.2.13
audiofile: fix multiple CVEs
audiofile: patch CVE-2017-6829
audiofile: fix multiple CVEs
audiofile: patch CVE-2017-6831
audiofile: patch CVE-2017-6839
.../recipes-support/spice/spice_git.bb | 1 +
.../uw-imap/uw-imap/CVE-2018-19518.patch | 24 ++++
.../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 +
...onfigure-use-pkg-config-for-freetype.patch | 67 ----------
.../libwmf/libwmf-0.2.8.4-intoverflow.patch | 33 -----
.../libwmf/libwmf-0.2.8.4-useafterfree.patch | 16 ---
.../recipes-extended/libwmf/libwmf_0.2.13.bb | 32 +++++
.../recipes-extended/libwmf/libwmf_0.2.8.4.bb | 38 ------
.../audiofile/audiofile_0.3.6.bb | 5 +
...ays-check-the-number-of-coefficients.patch | 45 +++++++
...ues-to-fix-index-overflow-in-IMA.cpp.patch | 43 ++++++
...multiplication-overflow-in-sfconvert.patch | 79 +++++++++++
...ail-when-error-occurs-in-parseFormat.patch | 46 +++++++
...lication-overflow-in-MSADPCM-decodeS.patch | 126 ++++++++++++++++++
.../recipes-multimedia/id3lib/id3lib_3.8.3.bb | 2 +
...agick_7.1.1.bb => imagemagick_7.1.1-43.bb} | 8 +-
.../procmail/procmail/CVE-2014-3618.patch | 29 ++++
.../procmail/procmail/CVE-2017-16844.patch | 20 +++
.../recipes-support/procmail/procmail_3.22.bb | 5 +-
19 files changed, 462 insertions(+), 158 deletions(-)
create mode 100644
meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
delete mode 100644
meta-oe/recipes-extended/libwmf/libwmf/0001-configure-use-pkg-config-for-freetype.patch
delete mode 100644
meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch
delete mode 100644
meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch
create mode 100644 meta-oe/recipes-extended/libwmf/libwmf_0.2.13.bb
delete mode 100644 meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb
create mode 100644
meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
create mode 100644
meta-oe/recipes-multimedia/audiofile/files/0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
create mode 100644
meta-oe/recipes-multimedia/audiofile/files/0006-Check-for-multiplication-overflow-in-sfconvert.patch
create mode 100644
meta-oe/recipes-multimedia/audiofile/files/0007-Actually-fail-when-error-occurs-in-parseFormat.patch
create mode 100644
meta-oe/recipes-multimedia/audiofile/files/0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch
rename meta-oe/recipes-support/imagemagick/{imagemagick_7.1.1.bb =>
imagemagick_7.1.1-43.bb} (98%)
create mode 100644
meta-oe/recipes-support/procmail/procmail/CVE-2014-3618.patch
create mode 100644
meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#114558):
https://lists.openembedded.org/g/openembedded-devel/message/114558
Mute This Topic: https://lists.openembedded.org/mt/110303078/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
