review.tizen.org Git - scm/bb/tizen-distro.git/commit

author	Li Wang <li.wang@windriver.com>
	Thu, 13 Dec 2012 06:51:22 +0000 (14:51 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Mon, 17 Dec 2012 17:24:56 +0000 (17:24 +0000)
commit	062bc98e4fa91c9cc1c9b114357ae5c7cd86d3f0
tree	ed1e4920ea053467515f2e3a10dc9d13c65378b8	tree \| snapshot
parent	774e2ad1ef0db7c955428ee07522418ddb692d53	commit \| diff

librsvg: CVE-2011-3146

Store node type separately in RsvgNode

commit 34c95743ca692ea0e44778e41a7c0a129363de84 upstream

The node name (formerly RsvgNode:type) cannot be used to infer
the sub-type of RsvgNode that we're dealing with, since for unknown
elements we put type = node-name. This lead to a (potentially exploitable)
crash e.g. when the element name started with "fe" which tricked
the old code into considering it as a RsvgFilterPrimitive.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3146

https://bugzilla.gnome.org/show_bug.cgi?id=658014

[YOCTO #3581]
[ CQID: WIND00376773 ]
Upstream-Status: Backport

(From OE-Core rev: 64de49bed598ce9d4ee0b448badc38a433712aff)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-gnome/librsvg/librsvg-2.32.1/librsvg-CVE-2011-3146.patch	[new file with mode: 0644]	blob
meta/recipes-gnome/librsvg/librsvg_2.32.1.bb		diff \| blob \| history