From: Armin Kuster <[email protected]> CVE-2016-1903 php: Out-of-bounds memory read via gdImageRotateInterpolated
Signed-off-by: Armin Kuster <[email protected]> --- .../recipes-devtools/php/php/CVE-2016-1903.patch | 28 ++++++++++++++++++++++ meta-oe/recipes-devtools/php/php_5.5.21.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch diff --git a/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch b/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch new file mode 100644 index 0000000..46c9a24 --- /dev/null +++ b/meta-oe/recipes-devtools/php/php/CVE-2016-1903.patch @@ -0,0 +1,28 @@ +From aa8d3a8cc612ba87c0497275f58a2317a90fb1c4 Mon Sep 17 00:00:00 2001 +From: Remi Collet <[email protected]> +Date: Tue, 12 Jan 2016 13:52:27 +0100 +Subject: [PATCH] fix the fix for bug #70976 (imagerotate) + +Upstream-Status: Backport +https://github.com/php/php-src/commit/aa8d3a8cc612ba87c0497275f58a2317a90fb1c4 + +CVE: CVE-2016-1903 +Signed-off-by: Armin Kuster <[email protected]> + +--- + ext/gd/libgd/gd_interpolation.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +Index: php-5.5.21/ext/gd/libgd/gd_interpolation.c +=================================================================== +--- php-5.5.21.orig/ext/gd/libgd/gd_interpolation.c ++++ php-5.5.21/ext/gd/libgd/gd_interpolation.c +@@ -2162,7 +2162,7 @@ gdImagePtr gdImageRotateInterpolated(con + images can be done at a later point. + */ + if (src->trueColor == 0) { +- if (bgcolor >= 0) { ++ if (bgcolor < gdMaxColors) { + bgcolor = gdTrueColorAlpha(src->red[bgcolor], src->green[bgcolor], src->blue[bgcolor], src->alpha[bgcolor]); + } + gdImagePaletteToTrueColor(src); diff --git a/meta-oe/recipes-devtools/php/php_5.5.21.bb b/meta-oe/recipes-devtools/php/php_5.5.21.bb index ed286d6..6bdd1c5 100644 --- a/meta-oe/recipes-devtools/php/php_5.5.21.bb +++ b/meta-oe/recipes-devtools/php/php_5.5.21.bb @@ -16,6 +16,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ file://0001-acinclude-use-pkgconfig-for-libxml2-config.patch \ file://CVE-2015-7803.patch \ file://CVE-2015-7804.patch \ + file://CVE-2016-1903.patch \ " SRC_URI_append_class-target += " \ -- 2.3.5 -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
