new file mode 100644
@@ -0,0 +1,70 @@
+From 7a7f58c0ebb84b9a3c44c875a667ce8ba191b325 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Wed, 8 Aug 2018 13:59:37 +0100
+Subject: [PATCH] CVE-2015-4695
+
+CVE: CVE-2015-4695
+Upstream-Status: Backport [https://github.com/caolanm/libwmf/commit/b5ae5d1f3bbddf051a5c9dd01897bd835817f013]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/player/meta.h | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/player/meta.h b/src/player/meta.h
+index 252e68b..3e13688 100644
+--- a/src/player/meta.h
++++ b/src/player/meta.h
+@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlis
+ objects = P->objects;
+
+ i = 0;
+- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+
+ if (i == NUM_OBJECTS (API))
+ { WMF_ERROR (API,"Object out of range!");
+@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlist
+ objects = P->objects;
+
+ i = 0;
+- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+
+ if (i == NUM_OBJECTS (API))
+ { WMF_ERROR (API,"Object out of range!");
+@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlis
+ objects = P->objects;
+
+ i = 0;
+- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+
+ if (i == NUM_OBJECTS (API))
+ { WMF_ERROR (API,"Object out of range!");
+@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrl
+ objects = P->objects;
+
+ i = 0;
+- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+
+ if (i == NUM_OBJECTS (API))
+ { WMF_ERROR (API,"Object out of range!");
+@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrli
+ objects = P->objects;
+
+ i = 0;
+- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+
+ if (i == NUM_OBJECTS (API))
+ { WMF_ERROR (API,"Object out of range!");
+@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* att
+ objects = P->objects;
+
+ i = 0;
+- while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+
+ if (i == NUM_OBJECTS (API))
+ { WMF_ERROR (API,"Object out of range!");
@@ -21,6 +21,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/wvware/${BPN}/${PV}/${BPN}-${PV}.tar.gz;name=ta
file://libwmf-0.2.8.4-useafterfree.patch \
file://0001-configure-use-pkg-config-for-freetype.patch \
file://CVE-2015-0848-CVE-2015-4588.patch \
+ file://CVE-2015-4695.patch \
"
SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0"
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-4695 Pick the commit that explicitly mentions the vulnerability ID. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../libwmf/libwmf/CVE-2015-4695.patch | 70 +++++++++++++++++++ .../recipes-extended/libwmf/libwmf_0.2.8.4.bb | 1 + 2 files changed, 71 insertions(+) create mode 100644 meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4695.patch