rpms/tetex/devel tetex-3.0-CVE-2007-3387.patch, NONE, 1.1 tetex.spec, 1.111, 1.112
Jindrich Novy (jnovy)
fedora-extras-commits at redhat.com
Fri Aug 10 12:10:51 UTC 2007
- Previous message: rpms/system-config-printer/devel system-config-printer.spec, 1.122, 1.123
- Next message: rpms/dovecot/devel .cvsignore, 1.29, 1.30 dovecot.spec, 1.86, 1.87 sources, 1.32, 1.33 dovecot-1.1.alpha1-split.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jnovy
Update of /cvs/extras/rpms/tetex/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12568
Modified Files:
tetex.spec
Added Files:
tetex-3.0-CVE-2007-3387.patch
Log Message:
- backport upstream fix for xpdf integer overflow CVE-2007-3387 (#248194)
tetex-3.0-CVE-2007-3387.patch:
--- NEW FILE tetex-3.0-CVE-2007-3387.patch ---
--- tetex-src-3.0/libs/xpdf/xpdf/Stream.cc.CVE-2007-3387 2007-07-26 17:13:02.000000000 +0200
+++ tetex-src-3.0/libs/xpdf/xpdf/Stream.cc 2007-07-26 17:21:58.000000000 +0200
@@ -15,6 +15,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
+#include <limits.h>
#ifndef WIN32
#include <unistd.h>
#endif
@@ -32,6 +33,7 @@
#include "JBIG2Stream.h"
#include "JPXStream.h"
#include "Stream-CCITT.h"
+#include "GfxState.h"
#ifdef __DJGPP__
static GBool setDJSYSFLAGS = gFalse;
@@ -429,6 +431,13 @@ StreamPredictor::StreamPredictor(Stream
if (rowBytes < 0) {
return;
}
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps > gfxColorMaxComps ||
+ nBits > 16 ||
+ width >= INT_MAX / nComps || // check for overflow in nVals
+ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+ return;
+ }
predLine = (Guchar *)gmalloc(rowBytes);
memset(predLine, 0, rowBytes);
predIdx = rowBytes;
Index: tetex.spec
===================================================================
RCS file: /cvs/extras/rpms/tetex/devel/tetex.spec,v
retrieving revision 1.111
retrieving revision 1.112
diff -u -r1.111 -r1.112
--- tetex.spec 5 Jun 2007 14:03:25 -0000 1.111
+++ tetex.spec 10 Aug 2007 12:10:19 -0000 1.112
@@ -11,7 +11,7 @@
Summary: The TeX text formatting system.
Name: tetex
Version: 3.0
-Release: 41%{?dist}
+Release: 42%{?dist}
License: distributable
Group: Applications/Publishing
Requires: tmpwatch, dialog, ed
@@ -89,6 +89,7 @@
Patch22: tetex-3.0-selinux.patch
Patch23: tetex-3.0-footfix.patch
Patch24: tetex-3.0-CVE-2007-0650.patch
+Patch25: tetex-3.0-CVE-2007-3387.patch
######
# Japanization patches
@@ -310,6 +311,8 @@
%patch23 -p1 -b .footfix
# fix a couple of string overflows in makeindex - CVE-2007-0650 (#225491)
%patch24 -p1 -b .CVE-2007-0650
+# fix xpdf integer overflow CVE-2007-3387 (#248194)
+%patch25 -p1 -b .CVE-2007-3387
%if %{enable_japanese}
mkdir texmf/ptex-texmf
@@ -862,6 +865,9 @@
%defattr(-,root,root)
%changelog
+* Fri Aug 10 2007 Jindrich Novy <jnovy at redhat.com> 3.0-42
+- backport upstream fix for xpdf integer overflow CVE-2007-3387 (#248194)
+
* Tue Jun 5 2007 Jindrich Novy <jnovy at redhat.com> 3.0-41
- don't mess up file contexts while running texhash (#235032)
- Previous message: rpms/system-config-printer/devel system-config-printer.spec, 1.122, 1.123
- Next message: rpms/dovecot/devel .cvsignore, 1.29, 1.30 dovecot.spec, 1.86, 1.87 sources, 1.32, 1.33 dovecot-1.1.alpha1-split.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list