aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/gimp-CVE-2017-17787.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/gimp-CVE-2017-17787.patch')
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17787.patch42
1 files changed, 0 insertions, 42 deletions
diff --git a/gnu/packages/patches/gimp-CVE-2017-17787.patch b/gnu/packages/patches/gimp-CVE-2017-17787.patch
deleted file mode 100644
index b5310d33d9..0000000000
--- a/gnu/packages/patches/gimp-CVE-2017-17787.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix CVE-2017-17787:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787
-https://bugzilla.gnome.org/show_bug.cgi?id=790853
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d
-
-From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Thu, 21 Dec 2017 12:49:41 +0100
-Subject: [PATCH] Bug 790853 - (CVE-2017-17787) heap overread in psp importer.
-
-As any external data, we have to check that strings being read at fixed
-length are properly nul-terminated.
-
-(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d)
----
- plug-ins/common/file-psp.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
-index 4cbafe37b1..e350e4d88d 100644
---- a/plug-ins/common/file-psp.c
-+++ b/plug-ins/common/file-psp.c
-@@ -890,6 +890,12 @@ read_creator_block (FILE *f,
- g_free (string);
- return -1;
- }
-+ if (string[length - 1] != '\0')
-+ {
-+ g_message ("Creator keyword data not nul-terminated");
-+ g_free (string);
-+ return -1;
-+ }
- switch (keyword)
- {
- case PSP_CRTR_FLD_TITLE:
---
-2.15.1
-