rpms/ghostscript/F-8 ghostscript-CVE-2008-0411.patch, NONE, 1.1 ghostscript.spec, 1.154, 1.155

Tim Waugh (twaugh) fedora-extras-commits at redhat.com
Wed Feb 27 17:16:08 UTC 2008


Author: twaugh

Update of /cvs/pkgs/rpms/ghostscript/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8843

Modified Files:
	ghostscript.spec 
Added Files:
	ghostscript-CVE-2008-0411.patch 
Log Message:
* Wed Feb 27 2008 Tim Waugh <twaugh at redhat.com> 8.61-8
- Applied patch to fix CVE-2008-0411 (bug #431536).


ghostscript-CVE-2008-0411.patch:

--- NEW FILE ghostscript-CVE-2008-0411.patch ---
diff -up ghostscript-8.61/src/zicc.c.CVE-2008-0411 ghostscript-8.61/src/zicc.c
--- ghostscript-8.61/src/zicc.c.CVE-2008-0411	2007-09-25 14:31:24.000000000 +0100
+++ ghostscript-8.61/src/zicc.c	2008-02-27 17:07:30.000000000 +0000
@@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
     dict_find_string(op, "N", &pnval);
     ncomps = pnval->value.intval;
 
+    if (2*ncomps > sizeof(range_buff)/sizeof(float))
+	return_error(e_rangecheck);
+
     /* verify the DataSource entry */
     if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
         return_error(e_undefined);
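
Review bot: The new bound check in zseticcspace() multiplies before it compares, so if ncomps is a signed integer (its declaration is not in this hunk) `2*ncomps` can overflow for a very large N before it is compared with `sizeof(range_buff)/sizeof(float)`. Negative N is rejected only as a side effect of the implicit conversion to the unsigned type of the sizeof expression. Writing the test as `ncomps < 0 || ncomps > sizeof(range_buff)/sizeof(float)/2` avoids the multiplication and makes the negative case explicit. Separately, the context line above reads `pnval->value.intval` without testing the return value of `dict_find_string(op, "N", &pnval)`, unlike the DataSource lookup just below; the patch leaves that as it is, so it is worth confirming that N is validated before this point.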


Index: ghostscript.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ghostscript/F-8/ghostscript.spec,v
retrieving revision 1.154
retrieving revision 1.155
diff -u -r1.154 -r1.155
--- ghostscript.spec	22 Feb 2008 14:32:48 -0000	1.154
+++ ghostscript.spec	27 Feb 2008 17:15:34 -0000	1.155
@@ -5,7 +5,7 @@
 Name: ghostscript
 Version: %{gs_ver}
 
-Release: 7%{?dist}
+Release: 8%{?dist}
 
 License: GPLv2
 URL: http://www.ghostscript.com/
@@ -22,6 +22,7 @@
 Patch6: ghostscript-runlibfileifexists.patch
 Patch7: ghostscript-gsbug689577.patch
 Patch8: ghostscript-system-jasper.patch
+Patch9: ghostscript-CVE-2008-0411.patch
 
 Requires: urw-fonts >= 1.1, ghostscript-fonts
 BuildRequires: libjpeg-devel, libXt-devel
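
Review bot: The `Patch9:` line is added with no comment recording where the patch comes from. The changelog names CVE-2008-0411 and bug #431536, but a one-line `#` comment above `Patch9:` with the same bug reference would let whoever rebases to a newer upstream version see at the patch list whether it can be dropped.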
@@ -100,6 +101,8 @@
 
 %patch8 -p1 -b .system-jasper
 
+%patch9 -p1 -b .CVE-2008-0411
+
 # Convert manual pages to UTF-8
 from8859_1() {
 	iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -271,6 +274,9 @@
 %{_libdir}/libgs.so
 
 %changelog
+* Wed Feb 27 2008 Tim Waugh <twaugh at redhat.com> 8.61-8
+- Applied patch to fix CVE-2008-0411 (bug #431536).
+
 * Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 8.61-7
 - Build with jasper again (bug #433897).  Build requires jasper-devel, and
   a patch to remove jas_set_error_cb reference.



