| Message ID | 20191104142654.20440-1-ross.burton@intel.com |
|---|---|
| State | Accepted |
| Commit | 341e43ebd935daeb592cb073bf00f80c49a8ec2d |
| Headers | show
Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp1554473ilf; Mon, 4 Nov 2019 06:27:03 -0800 (PST) X-Google-Smtp-Source: APXvYqxzi8uIu0fMY9j/p9VA22sAOacajwsotJslZkwh0LTPJ6g1I+PgnPv0yuSeq0155oFLOBv/ X-Received: by 2002:a17:90a:2e81:: with SMTP id r1mr35481938pjd.64.1572877623000; Mon, 04 Nov 2019 06:27:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572877622; cv=none; d=google.com; s=arc-20160816; b=iAY0Exj62s1p7xr2XpmHuk3V147MXrfRbZEBW2Sb910GGzy7h1dqtOjVgDqL36UOj9 u2pKWnWWdtoAsD4qPughTvUEVs5bFLO8DkAHWJe5f2fXFoU0ZFydi45VQDhxumOLWI+N 8MqMfPRx1EQ1WJBedSjHPNgG9p8KZVOogcVpnz8i2cRtRkMP0fJTNGnUOQKLHU2jNSMe B++j7pKFXEA+/X4BMd1wg7ma8YI/WW+EPrqhV9l0SLAfa9xI4i4HMqZ317gwnn2xZevk sUkfKRdX56ygOz1LXVYjQJZUA2I1BjLKMdC9RgoQqcmjZjRCQixSA4YW0OjKRNNUpdGf /hsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:delivered-to; bh=ZGF4h5jjmai1Bps2IzeE0VgL4iBAkrqihG0lWUsrhvY=; b=nnC/KIlXoERUx4AvM0fKBb5fmsA2CNV+J+Q42GtQuz7Jc9ImeBX94aRZ2qB1+Pn8ne nDM7YalpGOOiIHUfllif/nUCoigHp/MSR7EyghyGWto+iMLwVzSedlqflRieirEWyJFr A0A45OeEym/g7+PsWSn7yfiG+Ipk2C4SWEQ+MBdA/c57LO/vQEsQkoy9KN8KHTPFj+Nm 2XQt7zL6nPr3ddPVHE09ng22sqSivua+QujUwzhPnRC8PNVJi2DOlecS34FnL35v74YT FIlV+DemMtY8RBrQz3vxSCEP/AYj1Eu5oz44PAr2uL43GVIzNFtZBDyB1RRxB1Q+md6U BH8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=o5GdORdT; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: <openembedded-core-bounces@lists.openembedded.org> Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id f123si22738861pgc.34.2019.11.04.06.27.02; Mon, 04 Nov 2019 06:27:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=o5GdORdT; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 4AF1B7F8CB; Mon, 4 Nov 2019 14:27:00 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) by mail.openembedded.org (Postfix) with ESMTP id 71AB07F8B1 for <openembedded-core@lists.openembedded.org>; Mon, 4 Nov 2019 14:26:58 +0000 (UTC) Received: by mail-wr1-f67.google.com with SMTP id e6so15474569wrw.1 for <openembedded-core@lists.openembedded.org>; Mon, 04 Nov 2019 06:26:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=53+b28IIfSQ2jhU2GL68wQ10l87FtLXRotEOeRlNVCo=; b=o5GdORdTsDtcA6hg7Kpx5oUraIjcKROAMBBygMfudqQ+I+DiKNdSXguMEszc95tR/+ wzYhtZ3AgzMmSvhDnQafumu1dX9nMNtKNYmfoImmHq26mZ6hsclEmYafE6vSzjZL2Xhn J7M3EPh5br6e9Ufua2I0ynqSlLnM8QyMEXiJDSXLFAZKJaQ+shPYwBvVrcl/SROVwV4V I5J8o9+SvDTBwdec7gHPl/rAd+SN0XSdJbjQccPrxE03hvrVSGGGcTnQxfR+SQnu8Oih pUw+Hkft8Jlmm1H46n1fzQ3e/8Kp5iUhWAbzhz0Zwp8I4IuLCwhsIEIWkTxmi1ZVYtuq /kZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=53+b28IIfSQ2jhU2GL68wQ10l87FtLXRotEOeRlNVCo=; b=Pai3Q+jHUzCaOoe3FItIyMzf1Bvk6rlIZhTja2HtHBuBA6JEnYbC2Prnc7yLv09Lq8 xFzMFrZKmwINJYkS5g3gx1cXCrhv98Rfv1yLHm8pRAXZ7FmSatsRDzLZzY5S0LfbSQ/1 5v7HYUfN/lypqldI+IonnZdVOLa7VRv70AAs38eu9zy2I0cuIKcjrcXNoeaIRtEfvVBf 1r1iNjumhGxubgwnwTqHLUtynuW3SrJO05ZAddAYzVLfXTbIBeriLEttjN2sZ2dXy8Sy JVg+BsSmqJxmjISs5Qa+JhxGfT7mYxqsWFLrWoUvwA506dDpK+hThfrasozoiLYtEFhD xwDw== X-Gm-Message-State: APjAAAWT4uBuFWK4mWEeJCS8opjCq1g6xfUcFfCoesPdCwi/E9uRVU7M RgvXQBH8KKz4DqFGq8BIBDyrvXTXJ2A= X-Received: by 2002:adf:f1c7:: with SMTP id z7mr16067940wro.355.1572877618945; Mon, 04 Nov 2019 06:26:58 -0800 (PST) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id d4sm26873251wrc.54.2019.11.04.06.26.57 for <openembedded-core@lists.openembedded.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2019 06:26:57 -0800 (PST) From: Ross Burton <ross.burton@intel.com> To: openembedded-core@lists.openembedded.org Date: Mon, 4 Nov 2019 14:26:52 +0000 Message-Id: <20191104142654.20440-1-ross.burton@intel.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [OE-core] [PATCH v2 1/3] libpng: whitelist CVE-2019-17371 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer <openembedded-core.lists.openembedded.org> List-Unsubscribe: <http://lists.openembedded.org/mailman/options/openembedded-core>, <mailto:openembedded-core-request@lists.openembedded.org?subject=unsubscribe> List-Archive: <http://lists.openembedded.org/pipermail/openembedded-core/> List-Post: <mailto:openembedded-core@lists.openembedded.org> List-Help: <mailto:openembedded-core-request@lists.openembedded.org?subject=help> List-Subscribe: <http://lists.openembedded.org/mailman/listinfo/openembedded-core>, <mailto:openembedded-core-request@lists.openembedded.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org |
| Series |
[v2,1/3] libpng: whitelist CVE-2019-17371
|
expand
|
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb index 66af2f3d60e..2ed87a84374 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.37.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.37.bb @@ -29,3 +29,6 @@ PACKAGES =+ "${PN}-tools" FILES_${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp" BBCLASSEXTEND = "native nativesdk" + +# CVE-2019-17371 is actually a memory leak in gif2png 2.x +CVE_CHECK_WHITELIST += "CVE-2019-17371"
This is actually a memory leak in gif2png 2.x, so whitelist it in the libpng recipe. Signed-off-by: Ross Burton <ross.burton@intel.com> --- meta/recipes-multimedia/libpng/libpng_1.6.37.bb | 3 +++ 1 file changed, 3 insertions(+) -- 2.20.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core