gnu: libpng: Mention CVE-2016-10087.

* gnu/packages/patches/libpng-fix-null-ptr-dereference.patch: Rename to ... * gnu/packages/patches/libpng-CVE-2016-10087.patch: ... this. * gnu/local.mk (dist_patch_DATA): Adjust. * gnu/packages/image.scm (libpng/fixed)[source]: Use renamed patch.
2016-12-30 14:29:48 -05:00 · 2016-12-30 14:29:48 -05:00 · 858b9afeaf
parent 6023041346
commit 858b9afeaf
3 changed files with 4 additions and 3 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -675,7 +675,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/libmad-armv7-thumb-pt2.patch		\
  %D%/packages/patches/libmad-frame-length.patch		\
  %D%/packages/patches/libmad-mips-newgcc.patch			\
-  %D%/packages/patches/libpng-fix-null-ptr-dereference.patch	\
+  %D%/packages/patches/libpng-CVE-2016-10087.patch		\
  %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch		\
  %D%/packages/patches/libtar-CVE-2013-4420.patch \
  %D%/packages/patches/libtheora-config-guess.patch		\
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@ -95,7 +95,7 @@ library.  It supports almost all PNG features and is extensible.")
    (source
      (origin
        (inherit (package-source libpng))
-        (patches (search-patches "libpng-fix-null-ptr-dereference.patch"))))))
+        (patches (search-patches "libpng-CVE-2016-10087.patch"))))))

 (define-public libpng-1.2
  (package
--- a/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch
+++ b/gnu/packages/patches/libpng-fix-null-ptr-dereference.patch
@ -1,5 +1,6 @@
-Fix a null pointer dereference in png_set_text_2():
+Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():

+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
 http://seclists.org/oss-sec/2016/q4/777

 Patch adapted from upstream source repository: