Google Git
Sign in
android-kvm / buildroot / 105d61c85062b18bc9555011f909c8c8a5a33277
commit105d61c85062b18bc9555011f909c8c8a5a33277[log] [tgz]
authorHeiko Stuebner <heiko.stuebner@theobroma-systems.com>Fri Nov 13 13:28:35 2020 +0100
committerPeter Korsgaard <peter@korsgaard.com>Tue Nov 17 21:39:13 2020 +0100
tree673d49e9da37766684e240052d1469ac2c3532c8
parentd3343d3f7a6cea5c7261a79ece6cbf01ceaa41de [diff]
package/jpeg-turbo: security bump to version 2.0.5

Fixes the following security issue:

- CVE-2020-13790: ibjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based
  buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input
  file

For more details, see the release notes:
https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.5

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
[Peter: mark as security bump / extend commit message]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2 files changed
tree: 673d49e9da37766684e240052d1469ac2c3532c8
  1. arch/
  2. board/
  3. boot/
  4. configs/
  5. docs/
  6. fs/
  7. linux/
  8. package/
  9. support/
  10. system/
  11. toolchain/
  12. utils/
  13. .defconfig
  14. .flake8
  15. .gitignore
  16. .gitlab-ci.yml
  17. CHANGES
  18. Config.in
  19. Config.in.legacy
  20. COPYING
  21. DEVELOPERS
  22. Makefile
  23. Makefile.legacy
  24. README