summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Drake <michael.drake@codethink.co.uk>2015-01-14 11:27:06 +0000
committerMichael Drake <michael.drake@codethink.co.uk>2015-01-14 11:27:06 +0000
commita05c7b035f23a21f454dfa72bba358028c24595a (patch)
tree0c8fd1b28eb4c46c31506348b697dd397ce19f04
parentd29fbc3306f270a36f6dbfc11c3126e7fcda01b4 (diff)
downloadtoolchains-a05c7b035f23a21f454dfa72bba358028c24595a.tar.gz
toolchains-a05c7b035f23a21f454dfa72bba358028c24595a.tar.bz2
Update libpng to version 1.6.16
Versions of libpng from 1.6.9 through to 1.6.15 have an integer-overflow vulnerability in png_combine_row() when decoding very wide interlaced images, which can allow an attacker to overwrite an arbitrary amount of memory with attacker-controlled data. This bug is fixed in version 1.6.16.
-rw-r--r--sdk/Makefile2
1 files changed, 1 insertions, 1 deletions
diff --git a/sdk/Makefile b/sdk/Makefile
index 573aed1..80970ae 100644
--- a/sdk/Makefile
+++ b/sdk/Makefile
@@ -27,7 +27,7 @@ VERSION_ZLIB := 1.2.8
VERSION_LIBICONV := 1.14
VERSION_LIBTRE := 0.8.0
VERSION_OPENSSL := 1.0.1j
-VERSION_LIBPNG := 1.6.15
+VERSION_LIBPNG := 1.6.16
VERSION_LIBJPEG := 8d
VERSION_LIBCARES := 1.10.0
VERSION_LIBCURL := 7.38.0