[Thunar] Fix format string flaw CVE-2011-1588 (#698290)
Christoph Wickert
cwickert at fedoraproject.org
Wed Apr 20 16:46:53 UTC 2011
commit db81af538fd1f8d954a6d0bff13b2597c9c3771c
Author: Christoph Wickert <cwickert at fedoraproject.org>
Date: Wed Apr 20 18:46:58 2011 +0200
Fix format string flaw CVE-2011-1588 (#698290)
Thunar.spec | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
---
diff --git a/Thunar.spec b/Thunar.spec
index 285da0e..894a5ee 100644
--- a/Thunar.spec
+++ b/Thunar.spec
@@ -12,6 +12,9 @@ Source0: http://archive.xfce.org/src/xfce/thunar/%{minorversion}/%{name}-
Source1: thunar-sendto-bluetooth.desktop
Source2: thunar-sendto-audacious-playlist.desktop
Source3: thunar-sendto-quodlibet-playlist.desktop
+# Format string flaw when copying / moving files with % in the name - CVE-2011-1588
+# http://git.xfce.org/xfce/thunar/commit/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa
+Patch0: Thunar-1.3.0-CVE-2011-1588.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: exo-devel >= 0.5.1
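Review bot: Patch0 names Thunar-1.3.0-CVE-2011-1588.patch, but the diffstat lists Thunar.spec as the only file changed. If the patch file is not already tracked in the repository, %prep will fail at %patch0; please confirm the patch is committed alongside the spec. The comment linking the upstream commit above Patch0 is good and makes it easy to drop the patch when rebasing to a release that contains the fix.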
@@ -68,6 +71,7 @@ libraries and header files for the Thunar file manager.
sed -i 's!internet-mail!mail-message-new!' \
plugins/thunar-sendto-email/thunar-sendto-email.desktop.in.in
+%patch0 -p1 -b .CVE-2011-1588
%build
%configure --enable-dbus --enable-gtk-doc
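Review bot: %patch0 is applied after the sed edit to thunar-sendto-email.desktop.in.in, so the patch runs against an already modified tree. The two touch different files here, so nothing breaks, but applying patches before any ad-hoc sed edits keeps the upstream patch applying against pristine sources and avoids surprises if a later patch touches the same file. Consider moving the %patch0 line above the sed command.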
@@ -203,6 +207,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%changelog
+* Wed Apr 21 2011 Christoph Wickert <cwickert at fedoraproject.org> - 1.3.0-4
+- Fix format string flaw CVE-2011-1588 (#698290)
+
* Tue Mar 15 2011 Christoph Wickert <cwickert at fedoraproject.org> - 1.3.0-3
- Add missing BRs: libexif-devel, libICE-devel and libnotify-devel
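Review bot: The new changelog entry is dated "Wed Apr 21 2011", but the commit itself is dated Wed Apr 20 2011, so April 21 is a Thursday and the weekday and day of month do not agree. Change it to "Wed Apr 20 2011" so rpm does not flag the entry as a bogus date. The entry also claims 1.3.0-4 while the diff shows 0 deletions and no change to the Release: tag, so check that Release already reads 4, otherwise the build will still produce 1.3.0-3 and the fixed package will not be offered as an update.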