Overview

Request 1007902 accepted

- update to official RC2 tarball release:
which obsoletes the following patches in previous dists as backports
that have always been upstream:
* obsoletes 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch
* obsoletes 0002-PSD-enforce-Length-of-image-resource-section-file-si.patch (CVE-2018-19108, bsc#1115364)
* obsoletes 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch (CVE-2018-19607, bsc#1117513)
* obsoletes 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch (bsc#1142684, CVE-2019-13114)
* obsoletes 0001-IptcData-printStructure-Remove-buffer-overrun.patch (bsc#1088424, CVE-2018-9305)
* obsoletes 0001-Fix-SEGV-in-DataValue-Copy.patch (bsc#1109299, CVE-2018-17282)
* Fixes CVE-2017-9239 (bsc#1040973): null pointer dereference in doWriteImage
* Fixes CVE-2018-17229 (bsc#1109175): (Heap buffer overflow in Exiv2::d2Data)
* Fixes CVE-2018-17230 (bsc#1109176): (heap-based buffer overflow in Exiv2::ul2Data)
* Fixes CVE-2017-1000126 (Stack out of bounds read in webp parser) (bsc#1068873)

Request History
Dirk Mueller's avatar

dirkmueller created request

- update to official RC2 tarball release:
which obsoletes the following patches in previous dists as backports
that have always been upstream:
* obsoletes 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch
* obsoletes 0002-PSD-enforce-Length-of-image-resource-section-file-si.patch (CVE-2018-19108, bsc#1115364)
* obsoletes 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch (CVE-2018-19607, bsc#1117513)
* obsoletes 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch (bsc#1142684, CVE-2019-13114)
* obsoletes 0001-IptcData-printStructure-Remove-buffer-overrun.patch (bsc#1088424, CVE-2018-9305)
* obsoletes 0001-Fix-SEGV-in-DataValue-Copy.patch (bsc#1109299, CVE-2018-17282)
* Fixes CVE-2017-9239 (bsc#1040973): null pointer dereference in doWriteImage
* Fixes CVE-2018-17229 (bsc#1109175): (Heap buffer overflow in Exiv2::d2Data)
* Fixes CVE-2018-17230 (bsc#1109176): (heap-based buffer overflow in Exiv2::ul2Data)
* Fixes CVE-2017-1000126 (Stack out of bounds read in webp parser) (bsc#1068873)

Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources

Factory Auto's avatar

factory-auto accepted review

skipping the staging process since only .changes modifications

Factory Auto's avatar

factory-auto accepted review

Check script succeeded

Saul Goodman's avatar

licensedigger accepted review

ok

Dominique Leuenberger's avatar

dimstar accepted review

Dominique Leuenberger's avatar

dimstar approved review

Dominique Leuenberger's avatar

dimstar_suse accepted request

Accept to openSUSE:Factory

openSUSE Build Service is sponsored by
Places