rpms/cups/FC-6 cups-CVE-2007-3387.patch, NONE, 1.1 cups.spec, 1.339, 1.340
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Aug 9 15:50:32 UTC 2007
Author: twaugh
Update of /cvs/dist/rpms/cups/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv21042
Modified Files:
cups.spec
Added Files:
cups-CVE-2007-3387.patch
Log Message:
* Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4
- Applied patch to fix CVE-2007-3387 (bug #251519).
- Resolves: rhbz#251519
cups-CVE-2007-3387.patch:
Stream.cxx | 12 +++++-------
1 files changed, 5 insertions(+), 7 deletions(-)
--- NEW FILE cups-CVE-2007-3387.patch ---
--- cups-1.2.12/pdftops/Stream.cxx.CVE-2007-3387 2006-02-13 03:08:11.000000000 +0000
+++ cups-1.2.12/pdftops/Stream.cxx 2007-08-09 16:29:28.000000000 +0100
@@ -411,15 +411,13 @@
ok = gFalse;
nVals = width * nComps;
- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
- nComps >= INT_MAX / nBits ||
- width >= INT_MAX / nComps / nBits ||
- nVals * nBits + 7 < 0) {
- return;
- }
pixBytes = (nComps * nBits + 7) >> 3;
rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
- if (rowBytes <= 0) {
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps > gfxColorMaxComps ||
+ nBits > 16 ||
+ width >= INT_MAX / nComps || // check for overflow in nVals
+ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
return;
}
predLine = (Guchar *)gmalloc(rowBytes);
Index: cups.spec
===================================================================
RCS file: /cvs/dist/rpms/cups/FC-6/cups.spec,v
retrieving revision 1.339
retrieving revision 1.340
diff -u -r1.339 -r1.340
--- cups.spec 31 Jul 2007 12:22:29 -0000 1.339
+++ cups.spec 9 Aug 2007 15:50:30 -0000 1.340
@@ -6,7 +6,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.2.12
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPL
Group: System Environment/Daemons
Source: ftp://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -48,6 +48,7 @@
Patch22: cups-logrotate.patch
Patch24: cups-str2109.patch
Patch25: cups-usb-paperout.patch
+Patch26: cups-CVE-2007-3387.patch
Patch100: cups-lspp.patch
Epoch: 1
Url: http://www.cups.org/
@@ -157,6 +158,7 @@
%patch22 -p1 -b .logrotate
%patch24 -p1 -b .str2109
%patch25 -p1 -b .usb-paperout
+%patch26 -p1 -b .CVE-2007-3387
%if %lspp
%patch100 -p1 -b .lspp
@@ -441,6 +443,9 @@
%{cups_serverbin}/daemon/cups-lpd
%changelog
+* Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4
+- Applied patch to fix CVE-2007-3387 (bug #251519).
+
* Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3
- Better buildroot tag.
- Moved LSPP access check and security attributes check in add_job() to
More information about the fedora-cvs-commits
mailing list