gnu: libpng: Mention CVE-2016-10087.

* gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: Rename to ...
* gnu/packages/patches/libpng-CVE-2016-10087.patch: ... this.
* gnu/local.mk (dist_patch_DATA): Adjust.
* gnu/packages/image.scm (libpng/fixed)[source]: Use renamed patch.
This commit is contained in:
Leo Famulari 2016-12-30 14:29:48 -05:00
parent 6023041346
commit 858b9afeaf
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
3 changed files with 4 additions and 3 deletions

View file

@ -675,7 +675,7 @@ dist_patch_DATA = \
%D%/packages/patches/libmad-armv7-thumb-pt2.patch \
%D%/packages/patches/libmad-frame-length.patch \
%D%/packages/patches/libmad-mips-newgcc.patch \
%D%/packages/patches/libpng-fix-null-ptr-dereference.patch \
%D%/packages/patches/libpng-CVE-2016-10087.patch \
%D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \
%D%/packages/patches/libtar-CVE-2013-4420.patch \
%D%/packages/patches/libtheora-config-guess.patch \

View file

@ -95,7 +95,7 @@ (define libpng/fixed
(source
(origin
(inherit (package-source libpng))
(patches (search-patches "libpng-fix-null-ptr-dereference.patch"))))))
(patches (search-patches "libpng-CVE-2016-10087.patch"))))))
(define-public libpng-1.2
(package

View file

@ -1,5 +1,6 @@
Fix a null pointer dereference in png_set_text_2():
Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
http://seclists.org/oss-sec/2016/q4/777
Patch adapted from upstream source repository: