rpms/kdegraphics/FC-6 post-3.5.7-kdegraphics-CVE-2007-3387.diff, NONE, 1.1 kdegraphics.spec, 1.99, 1.100
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Aug 29 13:13:49 UTC 2007
Author: than
Update of /cvs/dist/rpms/kdegraphics/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv1863
Modified Files:
kdegraphics.spec
Added Files:
post-3.5.7-kdegraphics-CVE-2007-3387.diff
Log Message:
- resolves bz#251511, CVE-2007-3387 kpdf integer overflow
post-3.5.7-kdegraphics-CVE-2007-3387.diff:
Stream.cc | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
--- NEW FILE post-3.5.7-kdegraphics-CVE-2007-3387.diff ---
Index: kpdf/xpdf/xpdf/Stream.cc
===================================================================
--- kpdf/xpdf/xpdf/Stream.cc (revision 689574)
+++ kpdf/xpdf/xpdf/Stream.cc (working copy)
@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream
nVals = width * nComps;
if (width <= 0 || nComps <= 0 || nBits <= 0 ||
- nComps >= INT_MAX / nBits ||
- width >= INT_MAX / nComps / nBits ||
- nVals * nBits + 7 < 0) {
+ nComps > gfxColorMaxComps || nBits > 16 ||
+ width >= INT_MAX / nComps ||
+ nVals >= (INT_MAX - 7) / nBits) {
return;
}
pixBytes = (nComps * nBits + 7) >> 3;
Index: kdegraphics.spec
===================================================================
RCS file: /cvs/dist/rpms/kdegraphics/FC-6/kdegraphics.spec,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -r1.99 -r1.100
--- kdegraphics.spec 16 Jun 2007 16:53:56 -0000 1.99
+++ kdegraphics.spec 29 Aug 2007 13:13:47 -0000 1.100
@@ -16,7 +16,7 @@
%define no_scanner_archs s390 s390x
Version: 3.5.7
-Release: 1%{?dist}
+Release: 1%{?dist}.1
Name: kdegraphics
Summary: K Desktop Environment - Graphics Applications
Epoch: 7
@@ -30,6 +30,10 @@
Patch2: kdegraphics-3.3.1-xorg.patch
Patch3: kdegraphics-3.5.1-warning.patch
+# security fixes
+# kpdf stack based buffer overflow, CVE-2007-3387
+Patch100: post-3.5.7-kdegraphics-CVE-2007-3387.diff
+
%ifnarch %{no_scanner_archs}
BuildRequires: sane-backends-devel >= 1.0.3-10
BuildRequires: gphoto2-devel
@@ -88,6 +92,9 @@
%patch2 -p1 -b .xorg
%patch3 -p1 -b .gcc-warning
+# security fixes
+%patch100 -p0 -b .CVE-2007-3387
+
%if %{rhel}
echo "DO_NOT_COMPILE=\"\$DO_NOT_COMPILE kfax\"" >kfax/configure.in.in
echo "DO_NOT_COMPILE=\"\$DO_NOT_COMPILE kfaxview\"" >kfaxview/configure.in.in
@@ -197,6 +204,9 @@
%exclude %{_libdir}/libkfaximage.so
%changelog
+* Wed Aug 29 2007 Than Ngo <than at redhat.com> - 7:3.5.7-1.fc6.1
+- resolves bz#251511, CVE-2007-3387 kpdf integer overflow
+
* Sat Jun 16 2007 Than Ngo <than at redhat.com> - 7:3.5.7-1.fc6
- 3.5.7
More information about the fedora-cvs-commits
mailing list