Age | Commit message | Author | Files | Lines
2019-04-15 | Improve deep recursion detection in exif_data_load_data_content. | Dan Fandrich | 1 | -8/+37
Refs: tizen_5.5.m2_release, submit/tizen_5.5_wearable_hotfix/20201026.184307, submit/tizen_5.5_mobile_hotfix/20201026.185107, submit/tizen_5.5/20191031.000007, submit/tizen/20190415.103526, accepted/tizen/unified/20190416.071505, accepted/tizen/5.5/unified/wearable/hotfix/20201027.100532, accepted/tizen/5.5/unified/mobile/hotfix/20201027.074220, accepted/tizen/5.5/unified/20191031.011749, tizen_5.5_wearable_hotfix, tizen_5.5_tv, tizen_5.5_mobile_hotfix, tizen_5.5, accepted/tizen_5.5_unified_wearable_hotfix, accepted/tizen_5.5_unified_mobile_hotfix, accepted/tizen_5.5_unified

The existing detection was still vulnerable to pathological cases causing DoS by wasting CPU. The new algorithm takes the number of tags into account to make it harder to abuse by cases using shallow recursion but with a very large number of tags. This improves on commit 5d28011c which wasn't sufficient to counter this kind of case.

The limitation in the previous fix was discovered by Laurent Delosieres, Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned the identifier CVE-2018-20030.

Change-Id: I0ea69965f94d762c4f43c587504469259108456f
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>

2017-12-13 | Fix CVE-2017-7544 | Jeongmo Yang | 2 | -1/+7
Refs: submit/tizen_5.0/20181101.000007, submit/tizen/20171213.045006, accepted/tizen/unified/20171213.153238, accepted/tizen/5.0/unified/20181102.030422, tizen_5.0, accepted/tizen_5.0_unified

Tue Jul 25 21:38:56 2017 UTC (2 months, 2 weeks ago) by marcusmeissner
Branch: MAIN
CVS Tags: HEAD
Changes since 1.131: +6 -0 lines
Diff to previous 1.131

On saving makernotes, make sure the makernote container tags has a type with 1 byte components.

Fixes (at least):
https://sourceforge.net/p/libexif/bugs/130
https://sourceforge.net/p/libexif/bugs/129

[Version] 0.6.21-3
[Profile] Common
[Issue Type] CVE

Change-Id: I2649b5cadbac7c7cd285d537b918dda56e637f3a
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>

2017-03-28 | Update spec file for license macro | Jeongmo Yang | 1 | -5/+3
Refs: tizen_4.0.m2_release, tizen_4.0.m1_release, tizen_4.0.IoT.p1_release, submit/tizen_4.0/20170828.100006, submit/tizen_4.0/20170811.094300, submit/tizen/20170328.103759, accepted/tizen/wearable/20170329.221914, accepted/tizen/unified/20170329.221947, accepted/tizen/tv/20170329.221858, accepted/tizen/mobile/20170329.221821, accepted/tizen/ivi/20170329.221930, accepted/tizen/common/20170329.171857, accepted/tizen/4.0/unified/20170828.222846, accepted/tizen/4.0/unified/20170816.013605, accepted/tizen_wearable, accepted/tizen_tv, accepted/tizen_mobile, accepted/tizen_ivi, accepted/tizen_common

[Version] 0.6.21-2
[Profile] Common
[Issue Type] Update
[Dependency module] N/A

Change-Id: Ib8876c56489a4a5d2d8d2fe4eb03bb5b10f5a6e9
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>

2016-06-17 | 1. Remove samsung extension code, 2. Block unnecessary build and exclude doc related files | Jeongmo Yang | 18 | -17832/+44
Refs: submit/tizen_unified/20170308.100414, submit/tizen_3.0_wearable/20161015.000003, submit/tizen_3.0_tv/20161015.000003, submit/tizen_3.0_mobile/20161015.000003, submit/tizen_3.0_ivi/20161010.000003, submit/tizen_3.0_common/20161104.104000, submit/tizen_3.0.m2/20170104.093753, submit/tizen/20160627.065544, submit/tizen/20160623.063229, submit/submit/tizen/20160623.063229/20160623.063406, accepted/tizen/wearable/20160629.015958, accepted/tizen/unified/20170309.040048, accepted/tizen/tv/20160629.015929, accepted/tizen/mobile/20160629.015834, accepted/tizen/ivi/20160629.015912, accepted/tizen/common/20160629.222220, accepted/tizen/common/20160627.191504, accepted/tizen/3.0/wearable/20161015.083213, accepted/tizen/3.0/tv/20161016.004914, accepted/tizen/3.0/mobile/20161015.033422, accepted/tizen/3.0/ivi/20161011.044313, accepted/tizen/3.0/common/20161114.110951, accepted/tizen/3.0.m2/wearable/20170105.025020, accepted/tizen/3.0.m2/tv/20170105.024852, accepted/tizen/3.0.m2/mobile/20170105.024711, tizen_3.0_tv, tizen_3.0.m2, accepted/tizen_3.0_wearable, accepted/tizen_3.0_tv, accepted/tizen_3.0_mobile, accepted/tizen_3.0_ivi, accepted/tizen_3.0_common, accepted/tizen_3.0.m2_wearable, accepted/tizen_3.0.m2_tv, accepted/tizen_3.0.m2_mobile

Change-Id: Iab15d7e450e11c86b648a31f4fbd82eb6ae3b1a7
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>

2013-06-29 | resetting manifest requested domain to floor | Alexandru Cornea | 2 | -0/+9
Refs: tizen_3.0_ivi_release, tizen_3.0.m2.a1_tv_release, tizen_3.0.m2.a1_mobile_release, tizen_3.0.m1_tv_release, tizen_3.0.m1_mobile_release, tizen_3.0.m14.3_ivi_release, tizen_3.0.m14.2_ivi_release, tizen_3.0.2014.q3_common_release, submit/tizen_mobile/20141120.000000, submit/tizen_ivi_genivi/20140131.023309, submit/tizen_ivi/20160217.000006, submit/tizen_ivi/20160217.000000, submit/tizen_common/20151026.085049, submit/tizen_common/20151023.083358, submit/tizen_common/20151019.135620, submit/tizen_common/20151015.190624, submit/tizen/20130912.090251, submit/tizen/20130912.075943, submit/tizen/20130710.132410, ivi_oct_m2, accepted/tizen/ivi/genivi/20140131.024025, accepted/tizen/ivi/20160218.025300, accepted/tizen/20130912.195828, accepted/tizen/20130912.191731, accepted/tizen/20130912.150234, accepted/tizen/20130912.095640, accepted/tizen/20130912.094035, accepted/tizen/20130710.215910, tizen_ivi_genivi, tizen_3.0_ivi, tizen_3.0.m1_tv, tizen_3.0.m1_mobile, tizen_3.0.m14.3_ivi, tizen_3.0.m14.2_ivi, tizen_3.0.2015.q2_common, tizen_3.0.2015.q1_common, tizen_3.0.2014.q4_common, tizen_3.0.2014.q3_common, accepted/tizen_generic, accepted/tizen_3.0.m14.3_ivi, accepted/tizen_3.0.2014.q3_common, accepted/tizen/ivi/stable, accepted/tizen/ivi/genivi

2013-06-20 | add samsung device support | Anas Nashif | 14 | -8/+1506
Refs: submit/tizen/20130620.182649

2013-05-15 | Set license using %license | Anas Nashif | 2 | -1/+4
Refs: submit/tizen/20130517.023025, submit/tizen/20130515.050142, accepted/tizen/20130520.095854

2012-11-03 | add packaging | Anas Nashif | 1 | -1/+1
Refs: submit/trunk/20130325.083309, submit/tizen/20130509.181038, submit/tizen/20130503.223707, accepted/trunk/20130325.212953, accepted/tizen/20130503.222322

2012-11-03 | add packaging | Anas Nashif | 2 | -0/+62

2012-11-03 | Imported Upstream version 0.6.21 | Anas Nashif | 210 | -0/+223101
Refs: upstream/0.6.21