Overview
Request 1007902 accepted
- update to official RC2 tarball release:
  which obsoletes the following patches in previous dists as backports
  that have always been upstream:
  * obsoletes 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch
  * obsoletes 0002-PSD-enforce-Length-of-image-resource-section-file-si.patch (CVE-2018-19108, bsc#1115364)
  * obsoletes 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch (CVE-2018-19607, bsc#1117513)
  * obsoletes 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch (bsc#1142684, CVE-2019-13114)
  * obsoletes 0001-IptcData-printStructure-Remove-buffer-overrun.patch (bsc#1088424, CVE-2018-9305)
  * obsoletes 0001-Fix-SEGV-in-DataValue-Copy.patch (bsc#1109299, CVE-2018-17282)
  * Fixes CVE-2017-9239 (bsc#1040973): null pointer dereference in doWriteImage
  * Fixes CVE-2018-17229 (bsc#1109175): (Heap buffer overflow in Exiv2::d2Data)
  * Fixes CVE-2018-17230 (bsc#1109176): (heap-based buffer overflow in Exiv2::ul2Data)
  * Fixes CVE-2017-1000126 (Stack out of bounds read in webp parser) (bsc#1068873)
- Created by dirkmueller
- In state accepted
- Supersedes 1007899
Request History
dirkmueller created request
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
skipping the staging process since only .changes modifications
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
dimstar accepted review
dimstar approved review
dimstar_suse accepted request
Accept to openSUSE:Factory