rpms/imlib2/EL-5 imlib2-cve20085187.patch, NONE, 1.1 imlib2.spec, 1.25, 1.26
Andreas Bierfert
awjb at fedoraproject.org
Sun Nov 23 10:13:00 UTC 2008
Author: awjb
Update of /cvs/pkgs/rpms/imlib2/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9258
Modified Files:
imlib2.spec
Added Files:
imlib2-cve20085187.patch
Log Message:
- fix CVE-2008-5187
imlib2-cve20085187.patch:
--- NEW FILE imlib2-cve20085187.patch ---
--- src/modules/loaders/loader_xpm.c.orig 2008-11-23 11:05:58.000000000 +0100
+++ src/modules/loaders/loader_xpm.c 2008-11-23 11:06:38.000000000 +0100
@@ -378,8 +378,8 @@
return 0;
}
ptr = im->data;
- end = ptr + (sizeof(DATA32) * w * h);
pixels = w * h;
+ end = ptr + pixels;
}
else
{
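Review bot: `pixels = w * h` now feeds the bound `end = ptr + pixels`, and nothing visible in this hunk shows the product being checked for overflow or `w` and `h` being range-limited beforehand. If that validation does not happen earlier in the loader, it should be added ahead of this assignment. A one-line comment stating that `end` is counted in pixels, not in bytes as the removed `sizeof(DATA32) * w * h` expression was, would help keep the scaling from being reintroduced.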
Index: imlib2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/imlib2/EL-5/imlib2.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- imlib2.spec 2 Jun 2008 07:02:43 -0000 1.25
+++ imlib2.spec 23 Nov 2008 10:12:29 -0000 1.26
@@ -1,7 +1,7 @@
Summary: Image loading, saving, rendering, and manipulation library
Name: imlib2
Version: 1.3.0
-Release: 5%{?dist}
+Release: 6%{?dist}
License: BSD
Group: System Environment/Libraries
URL: http://www.enlightenment.org/Libraries/Imlib2/
@@ -10,6 +10,8 @@
Patch1: imlib2-1.3.0-multilib.patch
Patch2: imlib2-1.3.0-loader_overflows.patch
Patch3: imlib2-1.4.0-CVE-2008-2426.patch
+# See http://bugzilla.enlightenment.org/show_bug.cgi?id=547
+Patch4: imlib2-cve20085187.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: libjpeg-devel libpng-devel libtiff-devel
BuildRequires: giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel
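Review bot: The `Patch4` file name `imlib2-cve20085187.patch` breaks the naming pattern used by the entry directly above it, `imlib2-1.4.0-CVE-2008-2426.patch`, which carries the package version and the hyphenated CVE id. Renaming it along the same lines would make the patch easier to find when searching the spec for a CVE. The comment above `Patch4` links only the upstream bug; naming CVE-2008-5187 there as well would tie the patch to the advisory without needing the changelog.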
@@ -49,6 +51,8 @@
%patch1 -p1 -b .multilib
%patch2 -p1 -b .overflow
%patch3 -p1 -b .CVE-2008-2426
+%patch4 -b .CVE-2008-5187
+
# sigh stop autoxxx from rerunning because of our patches above.
touch aclocal.m4
touch configure
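Review bot: `%patch4 -b .CVE-2008-5187` omits the strip level that `%patch1` through `%patch3` all pass as `-p1`. The patch headers use `src/modules/loaders/loader_xpm.c` with no leading directory component, so the default level happens to apply, but the reliance on it is implicit. Either write `-p0` explicitly here or regenerate the patch with a leading directory so it can use `-p1` like the others.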
@@ -115,6 +119,10 @@
%changelog
+* Sun Nov 23 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+- 1.3.0-6
+- fix for CVE-2008-5187
+
* Mon Jun 02 2008 Tomas Smetana <tsmetana at redhat.com> 1.3.0-5
- fix for CVE-2008-2426
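Review bot: The new changelog entry puts the version on its own line as `- 1.3.0-6`, while the existing entry below keeps it on the header line (`... <tsmetana at redhat.com> 1.3.0-5`). Moving `1.3.0-6` up to the end of the `* Sun Nov 23 2008` line would keep the entries consistent and leave only the actual change, `- fix for CVE-2008-5187`, in the body.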