rpms/xine-lib/EL-5 xine-lib-1.1.12-CVE-2008-1878.patch, NONE, 1.1 xine-lib.spec, 1.17, 1.18

Rex Dieter (rdieter) fedora-extras-commits at redhat.com
Thu Apr 24 13:20:49 UTC 2008 

Author: rdieter

Update of /cvs/pkgs/rpms/xine-lib/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8862

Modified Files:
	xine-lib.spec 
Added Files:
	xine-lib-1.1.12-CVE-2008-1878.patch 
Log Message:
* Thu Apr 24 2008 Rex Dieter <rdieter at fedoraproject.org> - 1.1.8-9
- CVE-2008-1878 (#443969)


xine-lib-1.1.12-CVE-2008-1878.patch:

--- NEW FILE xine-lib-1.1.12-CVE-2008-1878.patch ---
diff -up xine-lib-1.1.12/src/demuxers/demux_nsf.c.CVE-2008-1878 xine-lib-1.1.12/src/demuxers/demux_nsf.c
--- xine-lib-1.1.12/src/demuxers/demux_nsf.c.CVE-2008-1878	2008-03-28 09:24:50.000000000 -0500
+++ xine-lib-1.1.12/src/demuxers/demux_nsf.c	2008-04-24 06:52:45.000000000 -0500
@@ -106,9 +106,9 @@ static int open_nsf_file(demux_nsf_t *th
 
   this->total_songs = header[6];
   this->current_song = header[7];
-  this->title = strdup(&header[0x0E]);
-  this->artist = strdup(&header[0x2E]);
-  this->copyright = strdup(&header[0x4E]);
+  this->title = strndup((char*)&header[0x0E], 0x20);
+  this->artist = strndup((char*)&header[0x2E], 0x20);
+  this->copyright = strndup((char*)&header[0x4E], 0x20); 
 
   this->filesize = this->input->get_length(this->input);
 


Index: xine-lib.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xine-lib/EL-5/xine-lib.spec,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- xine-lib.spec	8 Feb 2008 20:38:56 -0000	1.17
+++ xine-lib.spec	24 Apr 2008 13:20:09 -0000	1.18
@@ -51,6 +51,8 @@
 Patch4:         %{name}-1.1.8-CVE-2008-0486.patch
 Patch6:         %{name}-1.1.1-deepbind-939.patch
 Patch7:         %{name}-1.1.5-multilib-devel.patch
+Patch8:         %{name}-1.1.12-CVE-2008-1878.patch
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 # X11
 BuildRequires:  libX11-devel libXv-devel libXinerama-devel libXvMC-devel
@@ -170,6 +172,7 @@
 # Patch6 needed at least when compiling with external ffmpeg, #939.
 %patch6 -p1 -b .deepbind
 %patch7 -p0 -b .multilib-devel
+%patch8 -p1 -b .CVE-2008-1878
 
 # Avoid standard rpaths on lib64 archs:
 sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure
@@ -392,6 +395,9 @@
 
 
 %changelog
+* Thu Apr 24 2008 Rex Dieter <rdieter at fedoraproject.org> - 1.1.8-9
+- CVE-2008-1878 (#443969)
+
 * Fri Feb  8 2008 Ville Skyttä <ville.skytta at iki.fi> - 1.1.8-8
 - Include ASF and FLAC comment security fixes from 1.1.10 and 1.1.10.1.

More information about the fedora-extras-commits mailing list