rpms/DevIL/F-12 DevIL-1.7.8-CVE-2009-3994.patch, NONE, 1.1 DevIL.spec, 1.16, 1.17
Hans de Goede
jwrdegoede at fedoraproject.org
Fri Dec 4 12:09:23 UTC 2009
- Previous message: rpms/DevIL/devel DevIL-1.7.8-CVE-2009-3994.patch, NONE, 1.1 DevIL.spec, 1.16, 1.17
- Next message: rpms/DevIL/F-11 DevIL-1.7.8-CVE-2009-3994.patch, NONE, 1.1 DevIL.spec, 1.14, 1.15 sources, 1.6, 1.7
Author: jwrdegoede
Update of /cvs/extras/rpms/DevIL/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10855
Modified Files:
DevIL.spec
Added Files:
DevIL-1.7.8-CVE-2009-3994.patch
Log Message:
* Fri Dec 4 2009 Hans de Goede <hdegoede at redhat.com> 1.7.8-4
- Fix DICOM Processing Buffer Overflow Vulnerability CVE-2009-3994 (#542700)
DevIL-1.7.8-CVE-2009-3994.patch:
il_dicom.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- NEW FILE DevIL-1.7.8-CVE-2009-3994.patch ---
diff -up devil-1.7.8/src-IL/src/il_dicom.c~ devil-1.7.8/src-IL/src/il_dicom.c
--- devil-1.7.8/src-IL/src/il_dicom.c~ 2009-03-08 08:10:09.000000000 +0100
+++ devil-1.7.8/src-IL/src/il_dicom.c 2009-12-03 12:07:45.000000000 +0100
@@ -427,9 +427,11 @@ ILboolean GetUID(ILubyte *UID)
return IL_FALSE;
ValLen = GetLittleUShort();
+ if (ValLen > 64)
+ return IL_FALSE;
if (iread(UID, ValLen, 1) != 1)
return IL_FALSE;
- UID[64] = 0; // Just to make sure that our string is terminated.
+ UID[ValLen] = 0; // Just to make sure that our string is terminated.
return IL_TRUE;
}
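Review bot: the new `if (ValLen > 64) return IL_FALSE;` guard bounds the length read from the file, but it still depends on the caller's `UID` buffer being at least 65 bytes, because `ValLen == 64` passes the check and `UID[ValLen] = 0;` then writes index 64 (the same slot the old unconditional `UID[64] = 0;` used, so the size assumption is unchanged but is now what the bounds check relies on). Consider replacing the bare `64` with a named constant shared with the buffer's declaration, or passing the buffer size into `GetUID()`, so the check and the allocation cannot drift apart. Also note that on the early `IL_FALSE` return the buffer is left unterminated; that is acceptable only if callers (not visible in this hunk) never read `UID` after a failed `GetUID()`.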
Index: DevIL.spec
===================================================================
RCS file: /cvs/extras/rpms/DevIL/F-12/DevIL.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -p -r1.16 -r1.17
--- DevIL.spec 21 Aug 2009 13:18:30 -0000 1.16
+++ DevIL.spec 4 Dec 2009 12:09:23 -0000 1.17
@@ -1,6 +1,6 @@
Name: DevIL
Version: 1.7.8
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: A cross-platform image library
Group: System Environment/Libraries
License: LGPLv2
@@ -8,6 +8,7 @@ URL: http://openil.sourceforg
Source0: http://downloads.sourceforge.net/openil/%{name}-%{version}.tar.gz
Patch0: DevIL-1.7.5-allegropicfix.patch
Patch1: DevIL-1.7.5-il_endian_h.patch
+Patch2: DevIL-1.7.8-CVE-2009-3994.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: allegro-devel
BuildRequires: lcms-devel
@@ -65,6 +66,7 @@ Development files for the libILUT compon
%setup -q -n devil-%{version}
%patch0 -p1
%patch1 -p1
+%patch2 -p1
iconv -f iso8859-1 CREDITS -t utf8 > CREDITS.conv
touch -r CREDITS CREDITS.conv
mv CREDITS.conv CREDITS
@@ -138,6 +140,9 @@ fi
%changelog
+* Fri Dec 4 2009 Hans de Goede <hdegoede at redhat.com> 1.7.8-4
+- Fix DICOM Processing Buffer Overflow Vulnerability CVE-2009-3994 (#542700)
+
* Fri Aug 21 2009 Hans de Goede <hdegoede at redhat.com> 1.7.8-3
- Switch Source0 to respun upstream tarbal (added a missing header)