An error occurred while fetching folder content.

poky

librsvg: CVE-2011-3146

Li Wang authored 12 years ago and Richard Purdie committed 12 years ago

Store node type separately in RsvgNode

commit 34c95743ca692ea0e44778e41a7c0a129363de84 upstream

The node name (formerly RsvgNode:type) cannot be used to infer
the sub-type of RsvgNode that we're dealing with, since for unknown
elements we put type = node-name. This lead to a (potentially exploitable)
crash e.g. when the element name started with "fe" which tricked
the old code into considering it as a RsvgFilterPrimitive.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3146

https://bugzilla.gnome.org/show_bug.cgi?id=658014



[YOCTO #3581]
[ CQID: WIND00376773 ]
Upstream-Status: Backport

(From OE-Core rev: 6d030fcb69221da073ce413049deb8447934bed5)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>

Resolved merge conflicts with denzil branch.

Fixes denzil bug [YOCTO #3651].

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

caa1d030

History

caa1d030 12 years ago

History

Name	Last commit	Last update