rpms/imlib2/EL-4 imlib2-cve20085187.patch, NONE, 1.1 imlib2.spec, 1.13, 1.14

Andreas Bierfert awjb at fedoraproject.org
Sun Nov 23 10:19:38 UTC 2008


Author: awjb

Update of /cvs/pkgs/rpms/imlib2/EL-4
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9854

Modified Files:
	imlib2.spec 
Added Files:
	imlib2-cve20085187.patch 
Log Message:
- fix CVE-2008-5187


imlib2-cve20085187.patch:

--- NEW FILE imlib2-cve20085187.patch ---
--- src/modules/loaders/loader_xpm.c.orig	2008-11-23 11:16:07.000000000 +0100
+++ src/modules/loaders/loader_xpm.c	2008-11-23 11:16:27.000000000 +0100
@@ -378,8 +378,8 @@
                                  return 0;
                               }
                             ptr = im->data;
-                            end = ptr + (sizeof(DATA32) * w * h);
                             pixels = w * h;
+                            end = ptr + pixels;
                          }
                        else
                          {
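Review bot: the `pixels = w * h;` product that now also determines `end` has no overflow guard in these lines. If `w` and `h` reach this point without an upper bound (the earlier `return 0` path is only partly visible here), the product can wrap and `end = ptr + pixels` would no longer mark the end of `im->data`. Please confirm the dimensions are range-checked before the allocation. A one-line comment stating that `end` is counted in `DATA32` elements would also help, since, assuming `ptr` is a `DATA32 *`, the removed `sizeof(DATA32) *` scaling is exactly what made the old bound too large.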


Index: imlib2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/imlib2/EL-4/imlib2.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- imlib2.spec	2 Jun 2008 06:54:59 -0000	1.13
+++ imlib2.spec	23 Nov 2008 10:19:07 -0000	1.14
@@ -1,13 +1,15 @@
 Summary:	Image loading, saving, rendering, and manipulation library
 Name:		imlib2
 Version:	1.2.1
-Release:	4%{?dist}
+Release:	5%{?dist}
 License:	BSD
 Group:		System Environment/Libraries
 URL:		http://www.enlightenment.org/Libraries/Imlib2/
 Source0:	http://download.sf.net/enlightenment/%{name}-%{version}.tar.gz
 Patch0:		imlib2-1.3.0-loader_overflows.patch
 Patch1:		imlib2-1.2.1-CVE-2008-2426.patch
+# See http://bugzilla.enlightenment.org/show_bug.cgi?id=547
+Patch2:         imlib2-cve20085187.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires:	XFree86-devel libjpeg-devel libpng-devel libtiff-devel
 BuildRequires:	libungif-devel freetype-devel libtool bzip2-devel %{__perl}
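Review bot: the `Patch2:` line is aligned with spaces where the neighbouring `Patch0:` and `Patch1:` tags use tabs, and the file name `imlib2-cve20085187.patch` departs from the `imlib2-1.2.1-CVE-2008-2426.patch` pattern used for Patch1. Matching the tab alignment and naming the file along the lines of `imlib2-1.2.1-CVE-2008-5187.patch` would keep the CVE id searchable in the spec. The comment with the upstream bug URL is useful and should stay.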
@@ -44,7 +46,7 @@
 %setup -q
 %patch0 -p1 -b .overflow
 %patch1 -p1 -b .CVE-2008-2426
-
+%patch2 -b .CVE-2008-5187
 
 %build
 asmopts="--disable-mmx --disable-amd64"
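Review bot: `%patch2 -b .CVE-2008-5187` omits the strip level that `%patch0` and `%patch1` state explicitly with `-p1`. The new patch's paths start at `src/modules/loaders/`, so no stripping is needed, but writing `-p0` would make that intentional rather than an apparent omission next to the two `-p1` lines.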
@@ -119,6 +121,10 @@
 
 
 %changelog
+* Sun Nov 23 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+- 1.2.1-5
+- fix for CVE-2008-5187
+
 * Mon Jun 02 2008 Tomas Smetana <tsmetana at redhat.com> 1.2.1-4
 - fix for CVE-2008-2426
 
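Review bot: the new changelog entry puts the version-release on its own item line (`- 1.2.1-5`), whereas the entry below it carries `1.2.1-4` at the end of the header line. Moving `1.2.1-5` to the end of the `* Sun Nov 23 2008` line would keep the entries consistent.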



