rpms/ImageMagick/devel ImageMagick-6.2.8-CVE-2007-1797.patch, NONE, 1.1 ImageMagick.spec, 1.69, 1.70
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Apr 5 12:18:31 UTC 2007
- Previous message (by thread): rpms/ImageMagick/FC-6 ImageMagick-6.2.8-CVE-2007-1797.patch, NONE, 1.1 ImageMagick-6.2.8-icon.patch, NONE, 1.1 ImageMagick.spec, 1.68, 1.69
- Next message (by thread): rpms/kdelibs/devel kdelibs-3.5.6-kde#126812.patch, NONE, 1.1 kdelibs.spec, 1.204, 1.205
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nmurray
Update of /cvs/dist/rpms/ImageMagick/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv995
Modified Files:
ImageMagick.spec
Added Files:
ImageMagick-6.2.8-CVE-2007-1797.patch
Log Message:
Resolves BZ235075
ImageMagick-6.2.8-CVE-2007-1797.patch:
dcm.c | 2 ++
xwd.c | 10 +++++++---
2 files changed, 9 insertions(+), 3 deletions(-)
--- NEW FILE ImageMagick-6.2.8-CVE-2007-1797.patch ---
--- ImageMagick/coders/dcm.c.orig 2007-04-03 18:27:57.000000000 +0200
+++ ImageMagick/coders/dcm.c 2007-04-03 18:31:16.000000000 +0200
@@ -2902,6 +2902,8 @@ static Image *ReadDCMImage(const ImageIn
{
data=(unsigned char *)
AcquireMagickMemory((size_t) quantum*(length+1));
+ if (length > ((~0UL)/quantum))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
if (data == (unsigned char *) NULL)
ThrowReaderException(ResourceLimitError,
"MemoryAllocationFailed");
--- ImageMagick/coders/xwd.c.orig 2007-04-03 19:21:18.000000000 +0200
+++ ImageMagick/coders/xwd.c 2007-04-03 19:24:36.000000000 +0200
@@ -236,7 +236,9 @@ static Image *ReadXWDImage(const ImageIn
if (header.header_size < sz_XWDheader)
ThrowReaderException(CorruptImageError,"CorruptImage");
length=(size_t) header.header_size-sz_XWDheader;
- comment=(char *) AcquireMagickMemory(length+MaxTextExtent);
+ if (length > ((~0UL)/sizeof(*comment)))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ comment=(char *) AcquireMagickMemory((length+1)*sizeof(*comment));
if (comment == (char *) NULL)
ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
count=ReadBlob(image,length,(unsigned char *) comment);
@@ -278,8 +281,10 @@ static Image *ReadXWDImage(const ImageIn
XWDColor
color;
- colors=(XColor *)
- AcquireMagickMemory((size_t) header.ncolors*sizeof(*colors));
+ length=(size_t) header.ncolors;
+ if (length > ((~0UL)/sizeof(*colors)))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ colors=(XColor *) AcquireMagickMemory(length*sizeof(*colors));
if (colors == (XColor *) NULL)
ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
for (i=0; i < (long) header.ncolors; i++)
Index: ImageMagick.spec
===================================================================
RCS file: /cvs/dist/rpms/ImageMagick/devel/ImageMagick.spec,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- ImageMagick.spec 30 Mar 2007 04:41:40 -0000 1.69
+++ ImageMagick.spec 5 Apr 2007 12:18:29 -0000 1.70
@@ -9,7 +9,7 @@
%else
Version: %{VER}
%endif
-Release: 2%{?dist}
+Release: 3%{?dist}
License: freeware
Group: Applications/Multimedia
%if "%{Patchlevel}" != ""
@@ -22,6 +22,9 @@
Patch2: ImageMagick-6.2.8-multilib.patch
Patch3: ImageMagick-6.3.2-perl-parallel-build.patch
Patch4: ImageMagick-6.3.2-perl-liblink.patch
+# 235075
+Patch5: ImageMagick-6.2.8-CVE-2007-1797.patch
+
Url: http://www.imagemagick.org/
Buildroot: %{_tmppath}/%{name}-%{version}-root
@@ -122,7 +125,7 @@
%patch2 -p1 -b .multilib
%patch3 -p1 -b .perl-build
%patch4 -p1 -b .perl-link
-
+%patch5 -p1 -b .cve-2007-1797
%build
%configure --enable-shared \
@@ -258,6 +261,9 @@
%doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
%changelog
+* Thu Apr 5 2007 Norm Murray <nmurray at redhat.com> 6.3.2.9-3.fc7
+- heap overflows (#235075, CVE-2007-1797)
+
* Fri Mar 30 2007 Norm Murray <nmurray at redhat.com> 6.3.2.9-2.fc7
- perlmagick build fix (#231259)
- Previous message (by thread): rpms/ImageMagick/FC-6 ImageMagick-6.2.8-CVE-2007-1797.patch, NONE, 1.1 ImageMagick-6.2.8-icon.patch, NONE, 1.1 ImageMagick.spec, 1.68, 1.69
- Next message (by thread): rpms/kdelibs/devel kdelibs-3.5.6-kde#126812.patch, NONE, 1.1 kdelibs.spec, 1.204, 1.205
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list