[Bug 3639] New: [IcedTea8] Backport "CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile" to in-tree LCMS

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Mon Oct 22 04:35:29 UTC 2018 

https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3639

            Bug ID: 3639
           Summary: [IcedTea8] Backport "CVE-2018-16435 lcms2: heap-based
                    buffer overflow in SetData function in
                    cmsIT8LoadFromFile" to in-tree LCMS
           Product: IcedTea
           Version: 3.x-hg
          Hardware: all
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: IcedTea
          Assignee: gnu.andrew at redhat.com
          Reporter: gnu.andrew at redhat.com
                CC: unassigned at icedtea.classpath.org

It looks as though this code isn't called from OpenJDK, but still better to fix
it.

https://github.com/mm2/Little-CMS/issues/171
https://bugzilla.redhat.com/show_bug.cgi?id=1628969

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20181022/46eea4a6/attachment.html>

More information about the distro-pkg-dev mailing list