aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Bernd Kuhls <bernd.kuhls@t-online.de>2016-12-18 14:04:20 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2017-01-25 11:44:31 +0100
commit0d09bfa43f26930566e4dc704c03b5e2599e33af (patch)
tree7d52113a34908005015411ec9c632efe5396b52c
parentb8e588e623868d6ab239786b4cf486e1defc9c1c (diff)
downloadbuildroot-0d09bfa43f26930566e4dc704c03b5e2599e33af.tar.gz
buildroot-0d09bfa43f26930566e4dc704c03b5e2599e33af.tar.bz2
package/x11r7/xlib_libXpm: bump version to 3.5.12
Fixes CVE-2016-10164: The affected code is prone to two 32 bit integer overflows while parsing extensions: the amount of extensions and their concatenated length. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit e9f66e194a43e9dac4a8c88bcb5b3253845cd805)
-rw-r--r--package/x11r7/xlib_libXpm/xlib_libXpm.hash4
-rw-r--r--package/x11r7/xlib_libXpm/xlib_libXpm.mk2
2 files changed, 3 insertions, 3 deletions
diff --git a/package/x11r7/xlib_libXpm/xlib_libXpm.hash b/package/x11r7/xlib_libXpm/xlib_libXpm.hash
index 22c9fc62fa..d94a902682 100644
--- a/package/x11r7/xlib_libXpm/xlib_libXpm.hash
+++ b/package/x11r7/xlib_libXpm/xlib_libXpm.hash
@@ -1,2 +1,2 @@
-# From http://lists.freedesktop.org/archives/xorg/2013-September/056010.html
-sha256 c5bdafa51d1ae30086fac01ab83be8d47fe117b238d3437f8e965434090e041c libXpm-3.5.11.tar.bz2
+# From https://lists.x.org/archives/xorg-announce/2016-December/002752.html
+sha256 fd6a6de3da48de8d1bb738ab6be4ad67f7cb0986c39bd3f7d51dd24f7854bdec libXpm-3.5.12.tar.bz2
diff --git a/package/x11r7/xlib_libXpm/xlib_libXpm.mk b/package/x11r7/xlib_libXpm/xlib_libXpm.mk
index 997ef958e9..c8c5496514 100644
--- a/package/x11r7/xlib_libXpm/xlib_libXpm.mk
+++ b/package/x11r7/xlib_libXpm/xlib_libXpm.mk
@@ -4,7 +4,7 @@
#
################################################################################
-XLIB_LIBXPM_VERSION = 3.5.11
+XLIB_LIBXPM_VERSION = 3.5.12
XLIB_LIBXPM_SOURCE = libXpm-$(XLIB_LIBXPM_VERSION).tar.bz2
XLIB_LIBXPM_SITE = http://xorg.freedesktop.org/releases/individual/lib
XLIB_LIBXPM_LICENSE = MIT