rpms/libcdaudio/F-8 libcdaudio-0.99-CAN-2005-0706.patch, NONE, 1.1 libcdaudio.spec, 1.2, 1.3

Axel Thimm athimm at fedoraproject.org
Sat Dec 27 19:01:46 UTC 2008


Author: athimm

Update of /cvs/extras/rpms/libcdaudio/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13166/F-8

Modified Files:
	libcdaudio.spec 
Added Files:
	libcdaudio-0.99-CAN-2005-0706.patch 
Log Message:
Fix CAN-2005-0706

libcdaudio-0.99-CAN-2005-0706.patch:

--- NEW FILE libcdaudio-0.99-CAN-2005-0706.patch ---
--- libcdaudio-0.99.10/src/cddb.c.orig	2005-04-03 15:37:04.180240520 +0200
+++ libcdaudio-0.99.10/src/cddb.c	2005-04-03 15:38:07.389631232 +0200
@@ -1034,7 +1034,7 @@
     }
 	   
     query->query_matches = 0;
-    while(!cddb_read_line(sock, inbuffer, 256)) {
+    while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
       slashed = 0;
       if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
 	index = 0;
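Review bot: on the changed `while` line, once `query->query_matches` reaches `MAX_INEXACT_MATCHES` the loop exits without calling `cddb_read_line` again, so the rest of the server's reply stays unread on `sock` and the caller cannot tell that the match list was truncated. Please confirm that the code after the loop closes or drains the socket, and that `MAX_INEXACT_MATCHES` equals the capacity of the array indexed by `query_matches`, since neither is visible in this hunk. A short comment on the bound would also help.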



Index: libcdaudio.spec
===================================================================
RCS file: /cvs/extras/rpms/libcdaudio/F-8/libcdaudio.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- libcdaudio.spec	25 Aug 2008 12:07:57 -0000	1.2
+++ libcdaudio.spec	27 Dec 2008 19:01:16 -0000	1.3
@@ -1,7 +1,7 @@
 Summary: Control operation of a CD-ROM when playing audio CDs
 Name: libcdaudio
 Version: 0.99.12p2
-Release: 10%{?dist}
+Release: 11%{?dist}
 # COPYING is a copy of GPLv2, but the code and the README clearly indicate
 # that the code is LGPLv2+. Probably want to let upstream know about COPYING.
 License: LGPLv2+
@@ -10,6 +10,7 @@
 Source0: http://prdownloads.sourceforge.net/libcdaudio/%{name}-%{version}.tar.gz
 Patch0: libcdaudio-0.99.12-buffovfl.patch
 Patch1: libcdaudio-0.99.12p2-libdir.patch
+Patch2: libcdaudio-0.99-CAN-2005-0706.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires: gcc-c++
 
@@ -31,6 +32,7 @@
 %setup -q
 %patch0 -p0
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure \
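Review bot: `%patch2 -p1` applies a patch whose header was generated against `libcdaudio-0.99.10/src/cddb.c` (hunk at line 1034) to a `Version: 0.99.12p2` tree, so it may apply only with an offset or fuzz. Check the %prep output of a build to confirm the hunk lands on the intended `while` loop, and consider regenerating the patch against 0.99.12p2.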
@@ -65,6 +67,9 @@
 %{_libdir}/pkgconfig/libcdaudio.pc
 
 %changelog
+* Sat Dec 27 2008 Axel Thimm <Axel.Thimm at ATrpms.net> - 0.99.12p2-11
+- Fix CVE-2005-0706.
+
 * Wed May 21 2008 Tom "spot" Callaway <tcallawa at redhat.com> - 0.99.12p2-10
 - took COPYING out of doc (it is simply wrong)
 - fixed license tag
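Review bot: the new changelog entry says `CVE-2005-0706` while the commit log message and the patch file name use `CAN-2005-0706`. Use one form of the identifier throughout so the fix is easy to search for. The entry could also say what was changed (the bound on `query_matches` in `src/cddb.c`).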



