Document another bug, PR, and name (GHSL-2023-149) for CVE-2023-43898

2023-10-25 11:16:12 -04:00 · 2023-10-25 11:16:12 -04:00 · 348c666fc7
commit 348c666fc7
parent 39b8298fe4
1 changed files with 7 additions and 0 deletions
--- a/stb.spec
+++ b/stb.spec
@ -72,6 +72,13 @@ Patch:          %{url}/pull/1236.patch
 # https://github.com/nothings/stb/issues/1452
 # NULL pointer derefence in PIC loading (CVE-2023-43898)
 # https://github.com/nothings/stb/issues/1521
+# Null pointer dereference in stbi__convert_format (GHSL-2023-149)
+# https://github.com/nothings/stb/issues/1546
+#
+# An alternative and equivalent patch is:
+#
+# Fix Null pointer dereference in stbi__convert_format
+# https://github.com/nothings/stb/pull/1547
 Patch:          %{url}/pull/1454.patch

 # Fixed asan error on tiny input images