rpms/dumb/FC-5 dumb-0.9.3-CVE-2006-3668.patch, NONE, 1.1 dumb.spec, 1.2, 1.3

Hans de Goede (jwrdegoede) fedora-extras-commits at redhat.com
Thu Jul 27 07:59:41 UTC 2006


Author: jwrdegoede

Update of /cvs/extras/rpms/dumb/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5640

Modified Files:
	dumb.spec 
Added Files:
	dumb-0.9.3-CVE-2006-3668.patch 
Log Message:
* Thu Jul 27 2006 Hans de Goede <j.w.r.degoede at hhs.nl> 0.9.3-4
- Fix CVE-2006-3668, thanks to Debian for the patch


dumb-0.9.3-CVE-2006-3668.patch:

--- NEW FILE dumb-0.9.3-CVE-2006-3668.patch ---
Index: libdumb-0.9.3/src/it/itread.c
===================================================================
--- libdumb-0.9.3.orig/src/it/itread.c	2006-07-21 11:05:48.000000000 +0200
+++ libdumb-0.9.3/src/it/itread.c	2006-07-21 11:07:22.000000000 +0200
@@ -292,6 +292,11 @@
 
 	envelope->flags = dumbfile_getc(f);
 	envelope->n_nodes = dumbfile_getc(f);
+	if(envelope->n_nodes > 25) {
+		TRACE("IT error: wrong number of envelope nodes (%d)\n", envelope->n_nodes);
+		envelope->n_nodes = 0;
+		return -1;
+	}
 	envelope->loop_start = dumbfile_getc(f);
 	envelope->loop_end = dumbfile_getc(f);
 	envelope->sus_loop_start = dumbfile_getc(f);
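Review bot: The bound in `if(envelope->n_nodes > 25)` is a bare literal, and nothing in the hunk ties it to the storage that the node data is later read into. If 25 is the capacity of the envelope's node arrays, express it as a named constant or an element count taken from that array's declaration, so the check cannot drift from the declaration. The new `return -1` also leaves the stream partway through the envelope header, since `loop_start` and the bytes after it are not consumed. Every caller therefore has to treat the error as fatal for the load instead of continuing to read from `f`; confirm that and note it in a comment at the check.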


Index: dumb.spec
===================================================================
RCS file: /cvs/extras/rpms/dumb/FC-5/dumb.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- dumb.spec	31 Mar 2006 08:22:30 -0000	1.2
+++ dumb.spec	27 Jul 2006 07:59:41 -0000	1.3
@@ -1,12 +1,13 @@
 Name:           dumb
 Version:        0.9.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        IT, XM, S3M and MOD player library
 Group:          System Environment/Libraries
 License:        GPL-Compatible
 URL:            http://dumb.sourceforge.net/
 Source0:        http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}.tar.gz
 Source1:        http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}-autotools.tar.gz
+Patch0:         dumb-0.9.3-CVE-2006-3668.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  allegro-devel
 
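Review bot: The added `Patch0:` line has no comment recording where the patch comes from. The changelog credits Debian, but a one-line comment above `Patch0:` giving the Debian bug or patch reference, and whether the fix has been sent upstream, would let a later maintainer decide when the patch can be dropped on a version bump.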
@@ -29,6 +30,7 @@
 
 %prep
 %setup -q -b 01
+%patch0 -p1 -z .cve-2006-3668
 
 
 %build
@@ -67,6 +69,9 @@
 
 
 %changelog
+* Thu Jul 27 2006 Hans de Goede <j.w.r.degoede at hhs.nl> 0.9.3-4
+- Fix CVE-2006-3668, thanks to Debian for the patch
+
 * Wed Mar 29 2006 Hans de Goede <j.w.r.degoede at hhs.nl> 0.9.3-3
 - Add Requires: allegro-devel to -devel package
 



