rpms/ghostscript/F-8 ghostscript-CVE-2008-0411.patch, NONE, 1.1 ghostscript.spec, 1.154, 1.155
Tim Waugh (twaugh)
fedora-extras-commits at redhat.com
Wed Feb 27 17:16:08 UTC 2008
Author: twaugh
Update of /cvs/pkgs/rpms/ghostscript/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8843
Modified Files:
ghostscript.spec
Added Files:
ghostscript-CVE-2008-0411.patch
Log Message:
* Wed Feb 27 2008 Tim Waugh <twaugh at redhat.com> 8.61-8
- Applied patch to fix CVE-2008-0411 (bug #431536).
ghostscript-CVE-2008-0411.patch:
--- NEW FILE ghostscript-CVE-2008-0411.patch ---
diff -up ghostscript-8.61/src/zicc.c.CVE-2008-0411 ghostscript-8.61/src/zicc.c
--- ghostscript-8.61/src/zicc.c.CVE-2008-0411 2007-09-25 14:31:24.000000000 +0100
+++ ghostscript-8.61/src/zicc.c 2008-02-27 17:07:30.000000000 +0000
@@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
dict_find_string(op, "N", &pnval);
ncomps = pnval->value.intval;
+ if (2*ncomps > sizeof(range_buff)/sizeof(float))
+ return_error(e_rangecheck);
+
/* verify the DataSource entry */
if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
return_error(e_undefined);
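Review bot: The new bound check in zseticcspace, `2*ncomps > sizeof(range_buff)/sizeof(float)`, compares a product of the dictionary-supplied `pnval->value.intval` against a size_t, so if ncomps is a signed type a negative value is rejected only through the implicit conversion to unsigned, and the doubling can itself overflow for very large values. Making both conditions explicit and dividing the constant instead of multiplying the input would remove the dependence on conversion rules, for example `if (ncomps < 0 || ncomps > sizeof(range_buff)/sizeof(float)/2)`. Separately, the return value of `dict_find_string(op, "N", &pnval)` in the context line above is not checked, unlike the DataSource lookup just below, so it is worth confirming that a missing or non-integer N is rejected before `pnval->value.intval` is read.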
Index: ghostscript.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ghostscript/F-8/ghostscript.spec,v
retrieving revision 1.154
retrieving revision 1.155
diff -u -r1.154 -r1.155
--- ghostscript.spec 22 Feb 2008 14:32:48 -0000 1.154
+++ ghostscript.spec 27 Feb 2008 17:15:34 -0000 1.155
@@ -5,7 +5,7 @@
Name: ghostscript
Version: %{gs_ver}
-Release: 7%{?dist}
+Release: 8%{?dist}
License: GPLv2
URL: http://www.ghostscript.com/
@@ -22,6 +22,7 @@
Patch6: ghostscript-runlibfileifexists.patch
Patch7: ghostscript-gsbug689577.patch
Patch8: ghostscript-system-jasper.patch
+Patch9: ghostscript-CVE-2008-0411.patch
Requires: urw-fonts >= 1.1, ghostscript-fonts
BuildRequires: libjpeg-devel, libXt-devel
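Review bot: The new `Patch9:` line has no comment recording where the patch comes from or whether it has been sent upstream. A one-line comment above it pointing at bug #431536 would let whoever rebases the package to a later ghostscript release decide when the patch can be dropped.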
@@ -100,6 +101,8 @@
%patch8 -p1 -b .system-jasper
+%patch9 -p1 -b .CVE-2008-0411
+
# Convert manual pages to UTF-8
from8859_1() {
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -271,6 +274,9 @@
%{_libdir}/libgs.so
%changelog
+* Wed Feb 27 2008 Tim Waugh <twaugh at redhat.com> 8.61-8
+- Applied patch to fix CVE-2008-0411 (bug #431536).
+
* Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 8.61-7
- Build with jasper again (bug #433897). Build requires jasper-devel, and
a patch to remove jas_set_error_cb reference.