rpms/speex/F-7 speex-1.2-CVE-2008-1686.diff, NONE, 1.1 speex.spec, 1.18, 1.19
Tomas Hoger (thoger)
fedora-extras-commits at redhat.com
Tue Apr 15 15:43:44 UTC 2008
- Previous message (by thread): rpms/kernel/devel config-generic, 1.96, 1.97 kernel.spec, 1.616, 1.617 linux-2.6-wireless-pending.patch, 1.44, 1.45
- Next message (by thread): rpms/speex/F-8 speex-1.2-CVE-2008-1686.diff, NONE, 1.1 speex.spec, 1.19, 1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thoger
Update of /cvs/extras/rpms/speex/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27734/F-7
Modified Files:
speex.spec
Added Files:
speex-1.2-CVE-2008-1686.diff
Log Message:
Add mode checks to speex_packet_to_header() to protect applications
using speex library and not having proper checks
(CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701)
speex-1.2-CVE-2008-1686.diff:
--- NEW FILE speex-1.2-CVE-2008-1686.diff ---
Patch for CVE-2008-1686, see:
https://trac.xiph.org/changeset/14701
http://www.ocert.org/advisories/ocert-2008-2.html
diff -pruN speex-1.2beta2.orig/libspeex/speex_header.c speex-1.2beta2/libspeex/speex_header.c
--- speex-1.2beta2.orig/libspeex/speex_header.c 2007-03-18 13:25:09.000000000 +0100
+++ speex-1.2beta2/libspeex/speex_header.c 2008-04-15 17:15:18.000000000 +0200
@@ -161,6 +161,13 @@ SpeexHeader *speex_packet_to_header(char
ENDIAN_SWITCH(le_header->frames_per_packet);
ENDIAN_SWITCH(le_header->extra_headers);
+ if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0)
+ {
+ speex_warning ("Invalid mode specified in Speex header");
+ speex_free (le_header);
+ return NULL;
+ }
+
return le_header;
}
Index: speex.spec
===================================================================
RCS file: /cvs/extras/rpms/speex/F-7/speex.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- speex.spec 24 Oct 2006 19:06:18 -0000 1.18
+++ speex.spec 15 Apr 2008 15:42:57 -0000 1.19
@@ -1,7 +1,7 @@
Summary: A voice compression format (codec)
Name: speex
Version: 1.2
-Release: 0.2.beta1
+Release: 0.3.beta1
License: BSD
Group: System Environment/Libraries
URL: http://www.speex.org/
@@ -12,6 +12,7 @@
# don't build unneded test programs, since they seem to cause
# build failures
Patch0: speex-1.2beta1-test-progs.patch
+Patch1: speex-1.2-CVE-2008-1686.diff
%description
Speex is a patent-free compression format designed especially for
@@ -33,6 +34,7 @@
%prep
%setup -q -n speex-1.2beta1
%patch0 -p1 -b .test-progs
+%patch1 -p1 -b .CVE-2008-1686
%build
%configure --enable-static --with-ogg-libraries=%{_libdir}
@@ -69,6 +71,11 @@
%{_libdir}/libspeex.a
%changelog
+* Tue Apr 15 2008 Tomas Hoger <thoger at redhat.com> - 1.2-0.3.beta1
+- Security update: Add mode checks to speex_packet_to_header() to protect
+ applications using speex library and not having proper checks
+ (CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701)
+
* Tue Oct 24 2006 Matthias Clasen <mclasen at redhat.com> - 1.2-0.2.beta1
- Rebuild
- Previous message (by thread): rpms/kernel/devel config-generic, 1.96, 1.97 kernel.spec, 1.616, 1.617 linux-2.6-wireless-pending.patch, 1.44, 1.45
- Next message (by thread): rpms/speex/F-8 speex-1.2-CVE-2008-1686.diff, NONE, 1.1 speex.spec, 1.19, 1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list