rpms/cups/FC-6 cups-CVE-2007-3387.patch, NONE, 1.1 cups.spec, 1.339, 1.340

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Aug 9 15:50:32 UTC 2007 

Author: twaugh

Update of /cvs/dist/rpms/cups/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv21042

Modified Files:
	cups.spec 
Added Files:
	cups-CVE-2007-3387.patch 
Log Message:
* Thu Aug  9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4
- Applied patch to fix CVE-2007-3387 (bug #251519).
- Resolves: rhbz#251519


cups-CVE-2007-3387.patch:
 Stream.cxx |   12 +++++-------
 1 files changed, 5 insertions(+), 7 deletions(-)

--- NEW FILE cups-CVE-2007-3387.patch ---
--- cups-1.2.12/pdftops/Stream.cxx.CVE-2007-3387	2006-02-13 03:08:11.000000000 +0000
+++ cups-1.2.12/pdftops/Stream.cxx	2007-08-09 16:29:28.000000000 +0100
@@ -411,15 +411,13 @@
   ok = gFalse;
 
   nVals = width * nComps;
-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
-      nComps >= INT_MAX / nBits ||
-      width >= INT_MAX / nComps / nBits ||
-      nVals * nBits + 7 < 0) {
-    return;
-  }
   pixBytes = (nComps * nBits + 7) >> 3;
   rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
-  if (rowBytes <= 0) {
+  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+      nComps > gfxColorMaxComps ||
+      nBits > 16 ||
+      width >= INT_MAX / nComps ||      // check for overflow in nVals
+      nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
     return;
   }
   predLine = (Guchar *)gmalloc(rowBytes);


Index: cups.spec
===================================================================
RCS file: /cvs/dist/rpms/cups/FC-6/cups.spec,v
retrieving revision 1.339
retrieving revision 1.340
diff -u -r1.339 -r1.340
--- cups.spec	31 Jul 2007 12:22:29 -0000	1.339
+++ cups.spec	9 Aug 2007 15:50:30 -0000	1.340
@@ -6,7 +6,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.2.12
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL
 Group: System Environment/Daemons
 Source: ftp://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -48,6 +48,7 @@
 Patch22: cups-logrotate.patch
 Patch24: cups-str2109.patch
 Patch25: cups-usb-paperout.patch
+Patch26: cups-CVE-2007-3387.patch
 Patch100: cups-lspp.patch
 Epoch: 1
 Url: http://www.cups.org/
@@ -157,6 +158,7 @@
 %patch22 -p1 -b .logrotate
 %patch24 -p1 -b .str2109
 %patch25 -p1 -b .usb-paperout
+%patch26 -p1 -b .CVE-2007-3387
 
 %if %lspp
 %patch100 -p1 -b .lspp
@@ -441,6 +443,9 @@
 %{cups_serverbin}/daemon/cups-lpd
 
 %changelog
+* Thu Aug  9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4
+- Applied patch to fix CVE-2007-3387 (bug #251519).
+
 * Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3
 - Better buildroot tag.
 - Moved LSPP access check and security attributes check in add_job() to

More information about the fedora-cvs-commits mailing list