diff options
| author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2019-10-23 10:00:23 +0200 |
|---|---|---|
| committer | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2019-10-23 12:30:04 +0200 |
| commit | 9fe1f2e918d39031852805f1add23125c061d3c3 (patch) | |
| tree | dd2faa67c4a4e08b3dade4c4963709f05aa67a15 /dist | |
| parent | 606ae7e0197f3bcff442c2df3beb918952d8e822 (diff) | |
Tiff: Include two upstream CVE fixes in bundled libtiffv5.13.2
For issues CVE-2019-17546 and CVE-2019-14973, the following commits
were merged into the bundled libtiff:
4bb584a35f87af42d6cf09d15e9ce8909a839145 RGBA interface: fix integer
overflow potentially causing write heap buffer overflow, especially on
32 bit builds. Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443. Credit to
OSS Fuzz
1b5e3b6a23827c33acf19ad50ce5ce78f12b3773 Fix integer overflow in
_TIFFCheckMalloc() and other implementation-defined behaviour
(CVE-2019-14973)
Fixes: QTBUG-79397
Change-Id: I29257e6dbfbd816224d3dbaefdbe8afecd25f288
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Diffstat (limited to 'dist')
| -rw-r--r-- | dist/changes-5.13.2 | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/dist/changes-5.13.2 b/dist/changes-5.13.2 index e3bb833..9d79031 100644 --- a/dist/changes-5.13.2 +++ b/dist/changes-5.13.2 @@ -17,4 +17,9 @@ https://bugreports.qt.io/ Each of these identifiers can be entered in the bug tracker to obtain more information about a particular change. - - This release contains only minor code improvements. +**************************************************************************** +* TIFF * +**************************************************************************** + + - Two security-related upstream patches has been applied to the + bundled libtiff |