rpms/glib2/F-8 cve-2008-2371.patch,NONE,1.1 glib2.spec,1.145,1.146
Matthias Clasen (mclasen)
fedora-extras-commits at redhat.com
Wed Jul 2 14:36:22 UTC 2008
Author: mclasen
Update of /cvs/extras/rpms/glib2/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18761
Modified Files:
glib2.spec
Added Files:
cve-2008-2371.patch
Log Message:
Fix cve-2008-2371
cve-2008-2371.patch:
--- NEW FILE cve-2008-2371.patch ---
diff -up glib-2.14.6/glib/pcre/pcre_compile.c.cve-2008-2371 glib-2.14.6/glib/pcre/pcre_compile.c
--- glib-2.14.6/glib/pcre/pcre_compile.c.cve-2008-2371 2008-07-02 10:30:50.000000000 -0400
+++ glib-2.14.6/glib/pcre/pcre_compile.c 2008-07-02 10:32:19.000000000 -0400
@@ -4701,7 +4701,7 @@ we set the flag only if there is a liter
(lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
{
cd->external_options = newoptions;
- options = newoptions;
+ options = *optionsptr = newoptions;
}
else
{
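Review bot: The added line `options = *optionsptr = newoptions;` dereferences `optionsptr` unconditionally, while the condition just above it treats `lengthptr` as possibly NULL, so please confirm that `optionsptr` can never be NULL on this path. The line also has no comment saying why the caller's copy of the options has to change along with the local one, and the patch file has no header naming where the fix was taken from. A one-line comment above the assignment and a short description at the top of cve-2008-2371.patch would make a security fix this small much easier to audit and to drop on the next rebase.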
Index: glib2.spec
===================================================================
RCS file: /cvs/extras/rpms/glib2/F-8/glib2.spec,v
retrieving revision 1.145
retrieving revision 1.146
diff -u -r1.145 -r1.146
--- glib2.spec 7 Feb 2008 07:01:53 -0000 1.145
+++ glib2.spec 2 Jul 2008 14:35:45 -0000 1.146
@@ -3,7 +3,7 @@
Summary: A library of handy utility functions
Name: glib2
Version: 2.14.6
-Release: 1%{?dist}
+Release: 2%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
URL: http://www.gtk.org
@@ -14,6 +14,8 @@
BuildRequires: pkgconfig >= 1:0.14
BuildRequires: gettext
+Patch0: cve-2008-2371.patch
+
%description
GLib is the low-level core library that forms the basis
for projects such as GTK+ and GNOME. It provides data structure
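Review bot: `Patch0: cve-2008-2371.patch` is added without a comment line above it saying where the fix comes from. The file name carries the CVE, but a reference to the upstream change or the tracking bug next to the tag would let the next maintainer verify that a newer glib tarball already contains the fix before removing the patch.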
@@ -45,6 +47,7 @@
%prep
%setup -q -n glib-%{version}
+%patch0 -p1 -b .cve-2008-2371
%build
for i in config.guess config.sub ; do
@@ -117,6 +120,9 @@
%{_libdir}/lib*.a
%changelog
+* Wed Jul 2 2008 Matthias Clasen <mclasen at redhat.com> - 2.14.6-2
+- Fix a heap-based buffer overflow in PCRE (CVE-2008-2371)
+
* Thu Feb 7 2008 Matthias Clasen <mclasen at redhat.com> - 2.14.6-1
- Update to 2.14.6 (fixes a buffer overflow in PCRE)
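Review bot: The new changelog entry says the overflow is "in PCRE", but the patched file is glib-2.14.6/glib/pcre/pcre_compile.c, that is, the copy of PCRE shipped inside glib. Suggest wording it as a fix to the PCRE copy bundled in glib, so that someone auditing CVE-2008-2371 coverage from changelogs sees that updating the separate pcre package does not cover this code. It also keeps the entry clearly distinct from the 2.14.6-1 entry directly below, which describes a PCRE buffer overflow in almost the same words.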