Hello community,
here is the log from the commit of package freeimage for openSUSE:Factory checked in at 2018-01-25 12:40:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/freeimage (Old)
and /work/SRC/openSUSE:Factory/.freeimage.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freeimage"
Thu Jan 25 12:40:27 2018 rev:5 rq:569343 version:3.17.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/freeimage/freeimage.changes 2016-06-19 10:48:43.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.freeimage.new/freeimage.changes 2018-01-25 12:40:33.662606267 +0100
@@ -1,0 +2,7 @@
+Wed Jan 24 14:01:21 UTC 2018 - kbabioch@suse.com
+
+- Add CVE-2016-5684.patch: Fix an exploitable out-of-bounds write vulnerability
+ in the XMP image handling functionality, which can cause an arbitrary memory
+ overwrite resulting in code execution (CVE-2016-5684 boo#1002621).
+
+-------------------------------------------------------------------
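Review bot: the changelog entry names the CVE and boo#1002621 but not where CVE-2016-5684.patch was taken from; since the patch header below carries "From: Debian Science Maintainers", the entry should say that it is the Debian patch (and cite the upstream fix if one exists) so the backport can be tracked against the next freeimage release.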
New:
----
CVE-2016-5684.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ freeimage.spec ++++++
--- /var/tmp/diff_new_pack.8UQqgu/_old 2018-01-25 12:40:35.374526345 +0100
+++ /var/tmp/diff_new_pack.8UQqgu/_new 2018-01-25 12:40:35.378526159 +0100
@@ -1,7 +1,7 @@
#
# spec file for package freeimage
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -35,6 +35,7 @@
Patch2: CVE-2015-0852.patch
# PATCH-FIX-OPENSUSE makefiles_fixes.patch asterios.dramis@gmail.com -- Fix CFLAGS and CXXFLAGS, removed -s (strip) option, add missing symlinks for libfreeimageplus, remove root user from install
Patch3: makefiles_fixes.patch
+Patch4: CVE-2016-5684.patch
BuildRequires: doxygen
BuildRequires: gcc-c++
BuildRequires: jxrlib-devel
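Review bot: the new "Patch4: CVE-2016-5684.patch" line has no patch tag comment, while the neighbouring Patch3 follows the spec's convention ("# PATCH-FIX-OPENSUSE makefiles_fixes.patch asterios.dramis@gmail.com -- ..."); add a matching "# PATCH-FIX-UPSTREAM CVE-2016-5684.patch boo#1002621 kbabioch@suse.com -- ..." line above Patch4 stating that it fixes the out-of-bounds write in the XMP handling, so that origin and status of the patch are visible in the spec itself.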
@@ -98,6 +99,7 @@
%patch1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
# Remove bundled libs to make sure these don't get used during compile
rm -rf Source/LibPNG/ Source/LibRawLite/ Source/OpenEXR/ Source/ZLib/ Source/LibOpenJPEG/ Source/LibJPEG/
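Review bot: "%patch4 -p1" is consistent with the Patch4 declaration and with the -p1 used for Patch2 and Patch3, but the strip level cannot be verified from this diff because the body of CVE-2016-5684.patch is cut off right after its "From:" header; confirm that the file paths inside the patch carry exactly one leading directory component before this is merged.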
++++++ CVE-2016-5684.patch ++++++
From: Debian Science Maintainers