diff options
| author |   Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-07-07 19:11:10 +0530 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2017-11-16 15:29:25 -0800 |
| commit | 4c57e20705c4b2afa1ae5ef6a1db3c18ddb6ce6c (patch) | |
| tree | 411d136e67d4c3c45948d56ae9aa614651432279 /meta-oe/recipes-devtools/php/php_5.6.26.bb | |
| parent | e76c1874456c8f131a8104d1359befd24a19036a (diff) | |
| download | meta-openembedded-contrib-4c57e20705c4b2afa1ae5ef6a1db3c18ddb6ce6c.tar.gz | |
php: CVE-2016-9933
Source: php-src.git
MR: 70039
Type: Security Fix
Disposition: Backport from php-7.2.0
ChangeID: 7af5552e8c05decf9ea6de19c81ee4bf0037f56f
Description:
imagefilltoborder stackoverflow on truecolor images
We must not allow negative color values be passed to
gdImageFillToBorder(), because that can lead to infinite recursion
since the recursion termination condition will not necessarily be met.
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-devtools/php/php_5.6.26.bb')
| -rw-r--r-- | meta-oe/recipes-devtools/php/php_5.6.26.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php_5.6.26.bb b/meta-oe/recipes-devtools/php/php_5.6.26.bb index 741c825b94..a10d2a6bc1 100644 --- a/meta-oe/recipes-devtools/php/php_5.6.26.bb +++ b/meta-oe/recipes-devtools/php/php_5.6.26.bb @@ -6,6 +6,7 @@ SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \ file://CVE-2016-9137.patch \ file://CVE-2016-9934.patch \ file://CVE-2016-9935.patch \ + file://CVE-2016-9933.patch \ " SRC_URI[md5sum] = "cb424b705cfb715fc04f499f8a8cf52e" SRC_URI[sha256sum] = "d47aab8083a4284b905777e1b45dd7735adc53be827b29f896684750ac8b6236" |