diff mbox series

[wrynose,17/55] libxpm: upgrade 3.5.18 -> 3.5.19

Message ID 2018b1c49ed6f44303f832857a009c7c5c9f55a5.1783289522.git.yoann.congal@smile.fr
State New
Headers show
Series [wrynose,01/55] bluez5: fix set volume failure | expand

Commit Message

Yoann Congal July 5, 2026, 10:41 p.m. UTC
From: Richard Purdie <richard.purdie@linuxfoundation.org>

A vulnerability in the `xpmNextWord()` function could cause an internal pointer to read beyond the file's end due to improper validation of file boundaries. This issue was fixed in libXpm 3.5.19.

The changes between 3.5.18 and 3.5.19 contain only the fix to CVE-2026-4367.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Enoch Ng <enoch.ng@windriver.com>
(cherry picked from commit 1fc25a668ee8bbabf7e8e369b2d94867cd22243b)
[YC: changelog: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/compare/libXpm-3.5.18...libXpm-3.5.19 ]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../xorg-lib/{libxpm_3.5.18.bb => libxpm_3.5.19.bb}             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xorg-lib/{libxpm_3.5.18.bb => libxpm_3.5.19.bb} (88%)
diff mbox series

Patch

diff --git a/meta/recipes-graphics/xorg-lib/libxpm_3.5.18.bb b/meta/recipes-graphics/xorg-lib/libxpm_3.5.19.bb
similarity index 88%
rename from meta/recipes-graphics/xorg-lib/libxpm_3.5.18.bb
rename to meta/recipes-graphics/xorg-lib/libxpm_3.5.19.bb
index 94bf28232e9..32e052fd424 100644
--- a/meta/recipes-graphics/xorg-lib/libxpm_3.5.18.bb
+++ b/meta/recipes-graphics/xorg-lib/libxpm_3.5.19.bb
@@ -22,6 +22,6 @@  PACKAGES =+ "sxpm cxpm"
 FILES:cxpm = "${bindir}/cxpm"
 FILES:sxpm = "${bindir}/sxpm"
 
-SRC_URI[sha256sum] = "b4ed79bfc718000edee837d551c35286f0b84576db0ce07bbbebe60a4affa1e4"
+SRC_URI[sha256sum] = "ad3576d689221a39dc728f0e0dc02ca7bb6a0d724c9a77fd1bfa1e9af83be900"
 
 BBCLASSEXTEND = "native"