rpms/imlib2/EL-4 imlib2-cve20085187.patch, NONE, 1.1 imlib2.spec, 1.13, 1.14
Andreas Bierfert
awjb at fedoraproject.org
Sun Nov 23 10:19:38 UTC 2008
Author: awjb
Update of /cvs/pkgs/rpms/imlib2/EL-4
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9854
Modified Files:
imlib2.spec
Added Files:
imlib2-cve20085187.patch
Log Message:
- fix CVE-2008-5187
imlib2-cve20085187.patch:
--- NEW FILE imlib2-cve20085187.patch ---
--- src/modules/loaders/loader_xpm.c.orig 2008-11-23 11:16:07.000000000 +0100
+++ src/modules/loaders/loader_xpm.c 2008-11-23 11:16:27.000000000 +0100
@@ -378,8 +378,8 @@
return 0;
}
ptr = im->data;
- end = ptr + (sizeof(DATA32) * w * h);
pixels = w * h;
+ end = ptr + pixels;
}
else
{
Index: imlib2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/imlib2/EL-4/imlib2.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- imlib2.spec 2 Jun 2008 06:54:59 -0000 1.13
+++ imlib2.spec 23 Nov 2008 10:19:07 -0000 1.14
@@ -1,13 +1,15 @@
Summary: Image loading, saving, rendering, and manipulation library
Name: imlib2
Version: 1.2.1
-Release: 4%{?dist}
+Release: 5%{?dist}
License: BSD
Group: System Environment/Libraries
URL: http://www.enlightenment.org/Libraries/Imlib2/
Source0: http://download.sf.net/enlightenment/%{name}-%{version}.tar.gz
Patch0: imlib2-1.3.0-loader_overflows.patch
Patch1: imlib2-1.2.1-CVE-2008-2426.patch
+# See http://bugzilla.enlightenment.org/show_bug.cgi?id=547
+Patch2: imlib2-cve20085187.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: XFree86-devel libjpeg-devel libpng-devel libtiff-devel
BuildRequires: libungif-devel freetype-devel libtool bzip2-devel %{__perl}
@@ -44,7 +46,7 @@
%setup -q
%patch0 -p1 -b .overflow
%patch1 -p1 -b .CVE-2008-2426
-
+%patch2 -b .CVE-2008-5187
%build
asmopts="--disable-mmx --disable-amd64"
@@ -119,6 +121,10 @@
%changelog
+* Sun Nov 23 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+- 1.2.1-5
+- fix for CVE-2008-5187
+
* Mon Jun 02 2008 Tomas Smetana <tsmetana at redhat.com> 1.2.1-4
- fix for CVE-2008-2426
More information about the scm-commits
mailing list