-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-fe84314a8e 2022-04-28 05:50:06.248770 --------------------------------------------------------------------------------
Name : stb Product : Fedora 35 Version : 0^20210910gitaf1a5bc Release : 0.2.fc35 URL : https://github.com/nothings/stb Summary : Single-file public domain libraries for C/C++ Description : Single-file public domain libraries for C/C++.
-------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2022-28041, CVE-2022-28042, CVE-2022-28048 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 20 2022 Benjamin A. Beasley code@musicinmybrain.net 0^20210910gitaf1a5bc-0.2 - Security fix for CVE-2022-28041 (fix RHBZ#2077020, fix RBHZ#2077019) * Wed Apr 20 2022 Benjamin A. Beasley code@musicinmybrain.net 0^20210910gitaf1a5bc-0.1 - Switch to modern snapshot versioning * Wed Apr 20 2022 Benjamin A. Beasley code@musicinmybrain.net 0-0.9 - Stop numbering patches * Wed Apr 20 2022 Benjamin A. Beasley code@musicinmybrain.net 0-0.8 - Apply a patch for warnings in stb_herringbone_wang_tile -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2077019 - CVE-2022-28041 stb: integer overflow in stbi__jpeg_decode_block_prog_dc() can lead to DoS https://bugzilla.redhat.com/show_bug.cgi?id=2077019 [ 2 ] Bug #2077022 - CVE-2022-28042 stb: use-after-free in stbi__jpeg_huff_decode() https://bugzilla.redhat.com/show_bug.cgi?id=2077022 [ 3 ] Bug #2077028 - CVE-2022-28048 stb: integer shift of invalid size in stbi__jpeg_decode_block_prog_ac() https://bugzilla.redhat.com/show_bug.cgi?id=2077028 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-fe84314a8e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------