Skip to content
Snippets Groups Projects
  • Noah Misch's avatar
    8b59672d
    Cherry-pick security-relevant fixes from upstream imath library. · 8b59672d
    Noah Misch authored
    This covers alterations to buffer sizing and zeroing made between imath
    1.3 and imath 1.20.  Valgrind Memcheck identified the buffer overruns
    and reliance on uninitialized data; their exploit potential is unknown.
    Builds specifying --with-openssl are unaffected, because they use the
    OpenSSL BIGNUM facility instead of imath.  Back-patch to 9.0 (all
    supported versions).
    
    Security: CVE-2015-0243
    8b59672d
    History
    Cherry-pick security-relevant fixes from upstream imath library.
    Noah Misch authored
    This covers alterations to buffer sizing and zeroing made between imath
    1.3 and imath 1.20.  Valgrind Memcheck identified the buffer overruns
    and reliance on uninitialized data; their exploit potential is unknown.
    Builds specifying --with-openssl are unaffected, because they use the
    OpenSSL BIGNUM facility instead of imath.  Back-patch to 9.0 (all
    supported versions).
    
    Security: CVE-2015-0243