Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024
From: Leo Famulari
Subject: Re: [PATCH 0/2] Update imlib2 and patch against CVE-2016-4024
Date: Sat, 23 Apr 2016 00:01:02 -0400
User-agent: Mutt/1.5.24 (2015-08-30)

On Fri, Apr 22, 2016 at 11:20:17PM -0400, Mark H Weaver wrote:
> Leo Famulari <address@hidden> writes:
>
> > This applies a patch from imlib2's source code repository.
> >
> > The change fixes an integer overflow on 32-bit machines. The upstream
> > says:
> >
> > Security implications:
> > *) for 32-bit machines: insufficient heap allocation and heap overwrite
> > in many image loaders, with escalation potential to remote code
> > execution;
> > *) for 64-bit machines: it seems, no impact.
> >
> > In the patch file, there are references to imlib2's source repo and the
> > CVE page on Mitre.
> >
> > I tested that feh and scrot still work with this change.
>
> Looks good to me. Please push.

Done as e993fb84
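
The bug class quoted above (a size computation that wraps on 32-bit machines and yields an undersized heap buffer) can be seen in this added example, which is not part of the thread and is not imlib2's code. It assumes 4-byte pixels and models a 32-bit `size_t` with `uint32_t`; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: model a 32-bit size_t so the wrap reproduces on a 64-bit host. */
typedef uint32_t size32_t;
#define BYTES_PER_PIXEL 4u /* assumption: 32-bit ARGB pixels */

/* Unchecked form: the product wraps modulo 2^32 with no error. */
size32_t unchecked_image_bytes(uint32_t w, uint32_t h)
{
    return w * h * BYTES_PER_PIXEL;
}

/* Checked form: 0 and *out set if the size fits, -1 otherwise. */
int checked_image_bytes(uint32_t w, uint32_t h, size32_t *out)
{
    if (w == 0 || h == 0)
        return -1;
    /* Divide instead of multiplying so the test itself cannot overflow. */
    if (w > UINT32_MAX / BYTES_PER_PIXEL / h)
        return -1;
    *out = w * h * BYTES_PER_PIXEL;
    return 0;
}

/* Loader-side allocation that refuses dimensions it cannot represent. */
void *alloc_pixels(uint32_t w, uint32_t h)
{
    size32_t n;
    if (checked_image_bytes(w, h, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    uint32_t w = 32769u, h = 32768u; /* constructed header values */
    size32_t n = 0;
    printf("unchecked: %u bytes for %ux%u\n",
           (unsigned)unchecked_image_bytes(w, h), (unsigned)w, (unsigned)h);
    printf("checked:   %s\n",
           checked_image_bytes(w, h, &n) == 0 ? "accepted" : "rejected");
    void *p = alloc_pixels(1920u, 1080u);
    printf("1920x1080: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```

With the constructed 32769x32768 dimensions the unchecked size is 131072 bytes for an image that needs about 4 GiB, which is the "insufficient heap allocation" the upstream note describes; the checked path rejects it before any allocation.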