rpms/libid3tag/F-7 libid3tag-0.15.1b-fix_overflow.patch, NONE, 1.1 libid3tag.spec, 1.13, 1.14
Todd M. Zullinger (tmz)
fedora-extras-commits at redhat.com
Fri May 9 17:22:38 UTC 2008
Author: tmz
Update of /cvs/extras/rpms/libid3tag/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5824/F-7
Modified Files:
libid3tag.spec
Added Files:
libid3tag-0.15.1b-fix_overflow.patch
Log Message:
fix for CVE-2008-2109 (#445812)
libid3tag-0.15.1b-fix_overflow.patch:
--- NEW FILE libid3tag-0.15.1b-fix_overflow.patch ---
--- field.c.orig 2008-05-05 09:49:15.000000000 -0400
+++ field.c 2008-05-05 09:49:25.000000000 -0400
@@ -291,7 +291,7 @@
end = *ptr + length;
- while (end - *ptr > 0) {
+ while (end - *ptr > 0 && **ptr != '\0') {
ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
if (ucs4 == 0)
goto fail;
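Review bot: The added "**ptr != '\0'" test in the while condition looks at a single byte whatever *encoding is, although the next line passes *encoding on to id3_parse_string. If that encoding can be a two-byte one, a string whose first byte is zero without being a terminator would end the loop early, and the remaining entries would be dropped silently. Consider making the terminator test depend on the encoding, or checking that each iteration actually advances *ptr. Either way, add a comment above the loop naming the input this guards against, since the patch file name says "overflow" and the log message gives only the CVE number.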
Index: libid3tag.spec
===================================================================
RCS file: /cvs/extras/rpms/libid3tag/F-7/libid3tag.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- libid3tag.spec 28 Aug 2006 06:37:14 -0000 1.13
+++ libid3tag.spec 9 May 2008 17:21:54 -0000 1.14
@@ -1,12 +1,13 @@
Name: libid3tag
Version: 0.15.1b
-Release: 3%{?dist}
+Release: 5%{?dist}
Summary: ID3 tag manipulation library
Group: System Environment/Libraries
-License: GPL
+License: GPLv2+
URL: http://www.underbit.com/products/mad/
Source0: http://download.sourceforge.net/mad/%{name}-%{version}.tar.gz
+Patch0: libid3tag-0.15.1b-fix_overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel >= 1.1.4
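Review bot: Patch0 is added without a comment saying which bug it addresses or whether it has gone upstream. A line above it such as "# CVE-2008-2109 (#445812)" would let a later maintainer see at a glance when the patch can be dropped. Release also moves from 3 to 5 in one step here, which is only consistent because the changelog hunk adds both a -4 and a -5 entry.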
@@ -16,7 +17,7 @@
both ID3v1 and the various versions of ID3v2.
%package devel
-Summary: libid3tag development files
+Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: pkgconfig
@@ -27,6 +28,8 @@
%prep
%setup -q
+%patch -p0 -b .CVE-2008-2109
+
# *.pc originally from the Debian package.
cat << \EOF > %{name}.pc
prefix=%{_prefix}
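Review bot: "%patch -p0 -b .CVE-2008-2109" relies on the unnumbered form picking up Patch0. Writing "%patch0 -p0 -b .CVE-2008-2109" makes the link to the Patch0: tag explicit and stays unambiguous if a second patch is added later. With -p0, the bare "field.c" in the patch header has to resolve from the directory %setup leaves the build in, so confirm on a clean build that the patch applies there without fuzz.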
@@ -77,6 +80,12 @@
%changelog
+* Fri May 09 2008 Todd Zullinger <tmz at pobox.com> - 0.15.1b-5
+- fix for CVE-2008-2109 (#445812)
+
+* Mon Aug 6 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.15.1b-4
+- License: GPLv2+
+
* Mon Aug 28 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.15.1b-3
- Rebuild.
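Review bot: The new changelog entries cover the CVE fix and the License change, but not the devel subpackage Summary change made earlier in this same diff. Add a line for it under -5, or leave that cosmetic change out of the security update. The -5 entry would also be easier to audit if it named the patch file, for example "- fix for CVE-2008-2109 (#445812), libid3tag-0.15.1b-fix_overflow.patch".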