rpms/imlib2/F-7 imlib2-1.4.0-CVE-2008-2426.patch, NONE, 1.1 imlib2.spec, 1.25, 1.26

Tomas Smetana (tsmetana) fedora-extras-commits at redhat.com
Fri May 30 10:59:09 UTC 2008


Author: tsmetana

Update of /cvs/pkgs/rpms/imlib2/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4597

Modified Files:
	imlib2.spec 
Added Files:
	imlib2-1.4.0-CVE-2008-2426.patch 
Log Message:
* Fri May 30 2008 Tomas Smetana <tsmetana at redhat.com> 1.3.0-4
- patch for CVE-2008-2426


imlib2-1.4.0-CVE-2008-2426.patch:

--- NEW FILE imlib2-1.4.0-CVE-2008-2426.patch ---
diff -up imlib2-1.4.0/src/modules/loaders/loader_xpm.c.CVE-2008-2426 imlib2-1.4.0/src/modules/loaders/loader_xpm.c
--- imlib2-1.4.0/src/modules/loaders/loader_xpm.c.CVE-2008-2426	2008-05-30 11:54:06.000000000 +0200
+++ imlib2-1.4.0/src/modules/loaders/loader_xpm.c	2008-05-30 11:54:40.000000000 +0200
@@ -284,7 +284,7 @@ load(ImlibImage * im, ImlibProgressFunct
                                  if (line[k] != ' ')
                                    {
                                       s[0] = 0;
-                                      sscanf(&line[k], "%65535s", s);
+                                      sscanf(&line[k], "%255s", s);
                                       slen = strlen(s);
                                       k += slen;
                                       if (!strcmp(s, "c"))


Index: imlib2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/imlib2/F-7/imlib2.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- imlib2.spec	9 Nov 2006 09:48:17 -0000	1.25
+++ imlib2.spec	30 May 2008 10:57:56 -0000	1.26
@@ -1,7 +1,7 @@
 Summary:        Image loading, saving, rendering, and manipulation library
 Name:           imlib2
 Version:        1.3.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        BSD
 Group:          System Environment/Libraries
 URL:            http://www.enlightenment.org/Libraries/Imlib2/
@@ -9,6 +9,7 @@
 Patch0:         imlib2-1.2.1-X11-path.patch
 Patch1:         imlib2-1.3.0-multilib.patch
 Patch2:         imlib2-1.3.0-loader_overflows.patch
+Patch3:         imlib2-1.4.0-CVE-2008-2426.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires:  libjpeg-devel libpng-devel libtiff-devel
 BuildRequires:  giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel
@@ -47,6 +48,7 @@
 %patch0 -p1 -b .x11-path
 %patch1 -p1 -b .multilib
 %patch2 -p1 -b .overflow
+%patch3 -p1 -b .CVE-2008-2426
 # sigh stop autoxxx from rerunning because of our patches above.
 touch aclocal.m4
 touch configure
@@ -116,6 +118,9 @@
 
 
 %changelog
+* Fri May 30 2008 Tomas Smetana <tsmetana at redhat.com> 1.3.0-4
+- patch for CVE-2008-2426
+
 * Thu Nov  9 2006 Hans de Goede <j.w.r.degoede at hhs.nl> 1.3.0-3
 - Fix CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809, thanks to
   Ubuntu for the patch (bug 214676)




More information about the fedora-extras-commits mailing list