Commits
Peter Korsgaard committed 52bfb4b1ce2
libcroco: add upstream security fixes These have been added to upstream git after 0.6.12 was released. CVE-2017-7960 - The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. CVE-2017-7961 - The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. For more details, see: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>