From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- .../python-imaging-CVE-2016-2533.patch | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 external/meta-python2/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch (limited to 'external/meta-python2/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch') diff --git a/external/meta-python2/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch b/external/meta-python2/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch new file mode 100644 index 00000000..b01136f9 --- /dev/null +++ b/external/meta-python2/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch @@ -0,0 +1,38 @@ +python-imaging: CVE-2016-2533 + +the patch comes from: +https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533 +https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b + +PCD decoder overruns the shuffle buffer, Fixes #568 + +Signed-off-by: Li Wang +--- + libImaging/PcdDecode.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libImaging/PcdDecode.c b/libImaging/PcdDecode.c +index b6898e3..c02d005 100644 +--- a/libImaging/PcdDecode.c ++++ b/libImaging/PcdDecode.c +@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) + out[0] = ptr[x]; + out[1] = ptr[(x+4*state->xsize)/2]; + out[2] = ptr[(x+5*state->xsize)/2]; +- out += 4; ++ out += 3; + } + + state->shuffle((UINT8*) im->image[state->y], +@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) + out[0] = ptr[x+state->xsize]; + out[1] = ptr[(x+4*state->xsize)/2]; + out[2] = ptr[(x+5*state->xsize)/2]; +- out += 4; ++ out += 3; + } + + state->shuffle((UINT8*) im->image[state->y], +-- +1.7.9.5 + -- cgit 1.2.3-korg