rpms/grip/F-10 grip.834724.patch,NONE,1.1 grip.spec,1.25,1.26
Adrian Reber
adrian at fedoraproject.org
Sun Nov 9 14:57:12 UTC 2008
Author: adrian
Update of /cvs/extras/rpms/grip/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14098
Modified Files:
grip.spec
Added Files:
grip.834724.patch
Log Message:
* Sun Nov 09 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-24
- fixed "buffer overflow caused by large amount of CDDB replies" (#470552)
(CVE-2005-0706)
grip.834724.patch:
--- NEW FILE grip.834724.patch ---
diff --git a/src/discdb.c b/src/discdb.c
index c21a608..9ad279b 100644
--- a/src/discdb.c
+++ b/src/discdb.c
@@ -311,7 +311,7 @@ gboolean DiscDBDoQuery(DiscInfo *disc,DiscDBServer *server,
query->query_match=MATCH_EXACT;
query->query_matches=0;
- while((inbuffer=DiscDBReadLine(&dataptr))) {
+ while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
query->query_list[query->query_matches].list_genre=
DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
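Review bot: The new bound in the MATCH_EXACT loop is the constant MAX_INEXACT_MATCHES, while the write it protects is to query->query_list[query->query_matches]; nothing in this hunk ties that constant to the declared size of query_list. Please confirm the array is declared with at least MAX_INEXACT_MATCHES elements, and if query_list is a fixed-size array consider writing the limit as G_N_ELEMENTS(query->query_list) so the check cannot drift from the declaration. Testing the count before calling DiscDBReadLine is the right order, since no line is consumed once the list is full, but the remaining reply lines are then dropped without any message; a warning when the cap is hit would make a truncated match list diagnosable.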
@@ -331,7 +331,7 @@ gboolean DiscDBDoQuery(DiscInfo *disc,DiscDBServer *server,
query->query_match=MATCH_INEXACT;
query->query_matches=0;
- while((inbuffer=DiscDBReadLine(&dataptr))) {
+ while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
query->query_list[query->query_matches].list_genre=
DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
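Review bot: In the MATCH_INEXACT loop the unchanged context still passes the result of strtok(inbuffer," ") to g_strstrip without checking it, and strtok returns NULL for a line that contains no token. Since this change is about not trusting the size of the server reply, the content of each line deserves the same care: skip lines where the first strtok returns NULL before filling query_list. The loop condition is also duplicated verbatim in both branches; a small helper or shared macro would keep the two bounds from diverging in a later edit.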
Index: grip.spec
===================================================================
RCS file: /cvs/extras/rpms/grip/F-10/grip.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- grip.spec 2 Oct 2008 20:09:13 -0000 1.25
+++ grip.spec 9 Nov 2008 14:56:42 -0000 1.26
@@ -1,7 +1,7 @@
Summary: Front-end for CD rippers and Ogg Vorbis encoders
Name: grip
Version: 3.2.0
-Release: 23%{?dist}
+Release: 24%{?dist}
Epoch: 1
License: GPLv2+
Group: Applications/Multimedia
@@ -13,6 +13,7 @@
Patch4: grip-64bit-fix.patch
Patch5: grip-3.2.0-lookup.patch
Patch6: grip-3.2.0-executionpatch.patch
+Patch7: grip.834724.patch
URL: http://www.nostatic.org/grip/
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: vorbis-tools
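Review bot: Patch7 is added without a comment, and the number 834724 in grip.834724.patch is not explained anywhere in the spec; the changelog refers to #470552 and CVE-2005-0706 instead. A one-line comment above Patch7 naming the bug, the CVE and the origin of the patch would let later maintainers see that it is a security fix. The file name also departs from the grip-3.2.0-*.patch pattern used for Patch5 and Patch6.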
@@ -35,6 +36,7 @@
%patch4
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
@@ -96,6 +98,10 @@
%{_mandir}/man1/*
%changelog
+* Sun Nov 09 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-24
+- fixed "buffer overflow caused by large amount of CDDB replies" (#470552)
+ (CVE-2005-0706)
+
* Thu Oct 02 2008 Adrian Reber <adrian at lisas.de> - 1:3.2.0-23
- fixed "German Umlauts are shown incorrectly" (#459394)
(not converting de.po and fr.po to UTF-8 anymore)
More information about the fedora-extras-commits
mailing list