rpms/poppler/F-8 poppler-0.6.2-CVE-2008-2950.diff, NONE, 1.1 poppler.spec, 1.48, 1.49
Tomas Hoger (thoger)
fedora-extras-commits at redhat.com
Fri Aug 1 09:42:25 UTC 2008
- Previous message: rpms/collectd/devel .cvsignore, 1.4, 1.5 collectd.spec, 1.9, 1.10 sources, 1.4, 1.5
- Next message: rpms/poppler/F-9 poppler-0.8.1-AnnotQuadrilaterals.diff, NONE, 1.1 poppler-0.8.1-CVE-2008-2950.diff, NONE, 1.1 poppler-0.8.1-static-ft-lib.diff, NONE, 1.1 poppler.spec, 1.71, 1.72
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thoger
Update of /cvs/extras/rpms/poppler/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23138
Modified Files:
poppler.spec
Added Files:
poppler-0.6.2-CVE-2008-2950.diff
Log Message:
Security fix for CVE-2008-2950 / oCERT-2008-007
poppler-0.6.2-CVE-2008-2950.diff:
--- NEW FILE poppler-0.6.2-CVE-2008-2950.diff ---
Upstream patch for CVE-2008-2950 / oCERT-2008-007: make sure pageWidgets is
initialized, do not call free for an uninitialized pointer
References:
http://www.ocert.org/advisories/ocert-2008-007.html
http://marc.info/?l=full-disclosure&m=121556059918963&w=4
Upstream commit:
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.8&id=fd0bf8b05cb155e2f29df31fa01964b12e710b89
--- poppler-0.6.2/poppler-0.6.2/poppler/Page.cc.orig 2007-11-05 00:11:04.000000000 +0100
+++ poppler-0.6.2/poppler-0.6.2/poppler/Page.cc 2008-07-30 16:34:06.000000000 +0200
@@ -235,6 +235,7 @@ Page::Page(XRef *xrefA, int numA, Dict *
xref = xrefA;
num = numA;
duration = -1;
+ pageWidgets = NULL;
// get attributes
attrs = attrsA;
Index: poppler.spec
===================================================================
RCS file: /cvs/extras/rpms/poppler/F-8/poppler.spec,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- poppler.spec 30 Nov 2007 16:42:42 -0000 1.48
+++ poppler.spec 1 Aug 2008 09:41:55 -0000 1.49
@@ -3,7 +3,7 @@
Summary: PDF rendering library
Name: poppler
Version: 0.6.2
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2 and Redistributable, no modification permitted
# the code is GPLv2
# the charmap data in /usr/share/poppler is redistributable
@@ -14,6 +14,7 @@
# https://bugs.freedesktop.org/show_bug.cgi?id=12016
Patch0: poppler-ObjStream.patch
Patch1: poppler-qt3-check.patch
+Patch2: poppler-0.6.2-CVE-2008-2950.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: gtk2-devel
@@ -95,6 +96,7 @@
%setup -c -q -a1
%patch0 -p1 -b .objstream
%patch1 -p1 -b .qt3-check
+%patch2 -p1 -b .CVE-2008-2950
%build
( cd %{name}-%{version}
@@ -172,6 +174,11 @@
%{_mandir}/man1/*
%changelog
+* Wed Jul 30 2008 Tomas Hoger <thoger at redhat.com> - 0.6.2-2
+- Security update:
+ Add upstream patch for CVE-2008-2950 / oCERT-2008-007 - use of
+ an uninitilized pointer to call free() in Page::~Page (#454277)
+
* Thu Nov 30 2007 Matthias Clasen <mclasen at redhat.com> - 0.6.2-1
- package xpdf headers in poppler-devel (Jindrich Novy)
- Fix qt3 detection (Denis Leroy)
- Previous message: rpms/collectd/devel .cvsignore, 1.4, 1.5 collectd.spec, 1.9, 1.10 sources, 1.4, 1.5
- Next message: rpms/poppler/F-9 poppler-0.8.1-AnnotQuadrilaterals.diff, NONE, 1.1 poppler-0.8.1-CVE-2008-2950.diff, NONE, 1.1 poppler-0.8.1-static-ft-lib.diff, NONE, 1.1 poppler.spec, 1.71, 1.72
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list