rpms/libwmf/F-9 libwmf-0.2.8.4-useafterfree.patch, NONE, 1.1 libwmf.spec, 1.35, 1.36
Caolan McNamara
caolanm at fedoraproject.org
Tue May 26 12:25:45 UTC 2009
Author: caolanm
Update of /cvs/pkgs/rpms/libwmf/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3425/F-9
Modified Files:
libwmf.spec
Added Files:
libwmf-0.2.8.4-useafterfree.patch
Log Message:
Resolves: CVE-2009-1364
libwmf-0.2.8.4-useafterfree.patch:
--- NEW FILE libwmf-0.2.8.4-useafterfree.patch ---
--- libwmf-0.2.8.4/src/extra/gd/gd_clip.c.CVE-2009-1364-im-clip-list 2009-04-24 04:06:44.000000000 -0400
+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c 2009-04-24 04:08:30.000000000 -0400
@@ -70,6 +70,7 @@ void gdClipSetAdd(gdImagePtr im,gdClipRe
{ more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
if (more == 0) return;
im->clip->max += 8;
+ im->clip->list = more;
}
im->clip->list[im->clip->count] = (*rect);
im->clip->count++;
Index: libwmf.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libwmf/F-9/libwmf.spec,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -p -r1.35 -r1.36
--- libwmf.spec 13 Feb 2008 18:08:14 -0000 1.35
+++ libwmf.spec 26 May 2009 12:25:14 -0000 1.36
@@ -1,7 +1,7 @@
Summary: Windows MetaFile Library
Name: libwmf
Version: 0.2.8.4
-Release: 18%{?dist}
+Release: 18.1%{?dist}
Group: System Environment/Libraries
License: LGPLv2+
Source: http://downloads.sourceforge.net/wvware/%{name}-%{version}.tar.gz
@@ -14,6 +14,7 @@ Patch3: libwmf-0.2.8.4-deps.patch
Patch4: libwmf-0.2.8.4-multiarchdevel.patch
Patch5: libwmf-0.2.8.4-intoverflow.patch
Patch6: libwmf-0.2.8.4-reducesymbols.patch
+Patch7: libwmf-0.2.8.4-useafterfree.patch
Requires: urw-fonts
Requires: %{name}-lite = %{version}-%{release}
Requires(post): %{_bindir}/update-gdk-pixbuf-loaders
@@ -50,6 +51,7 @@ using libwmf.
%patch4 -p1 -b .multiarchdevel
%patch5 -p1 -b .intoverflow
%patch6 -p1 -b .reducesymbols.patch
+%patch7 -p1 -b .useafterfree.patch
f=README ; iconv -f iso-8859-2 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f
%build
@@ -121,6 +123,9 @@ sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf
rm -r $RPM_BUILD_ROOT
%changelog
+* Tue May 26 2009 Caolán McNamara <caolanm at redhat.com> - 0.2.8.4-18.1
+- Resolves: CVE-2009-1364
+
* Wed Feb 13 2008 Ville Skyttä <ville.skytta at iki.fi> - 0.2.8.4-18
- Split libwmflite (WMF parser) into -lite subpackage (#432651).
- Build with dependency tracking disabled.
More information about the scm-commits
mailing list