caolanm pushed to libwmf (f22). "Resolves: rhbz#1227244 CVE-2015-0848 heap overflow when decoding BMP images"
notifications at fedoraproject.org
notifications at fedoraproject.org
Tue Jun 2 10:39:41 UTC 2015
From 80714b56899ad0b0e995df5f4a01911c5cb8136e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm at redhat.com>
Date: Tue, 2 Jun 2015 11:38:54 +0100
Subject: Resolves: rhbz#1227244 CVE-2015-0848 heap overflow when decoding BMP
images
diff --git a/libwmf-0.2.8.4-CVE-2015-0848.patch b/libwmf-0.2.8.4-CVE-2015-0848.patch
new file mode 100644
index 0000000..40e71f2
--- /dev/null
+++ b/libwmf-0.2.8.4-CVE-2015-0848.patch
@@ -0,0 +1,20 @@
+--- libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-02 11:35:04.072201795 +0100
++++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h 2015-06-02 11:35:20.647406414 +0100
+@@ -1145,8 +1143,15 @@
+ }
+ }
+ else
+- { /* Convert run-length encoded raster pixels. */
+- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
++ {
++ if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */
++ {
++ DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
++ }
++ else
++ { WMF_ERROR (API,"Unexpected pixel depth");
++ API->err = wmf_E_BadFormat;
++ }
+ }
+
+ if (ERR (API))
diff --git a/libwmf.spec b/libwmf.spec
index 2c78123..4a753e9 100644
--- a/libwmf.spec
+++ b/libwmf.spec
@@ -1,7 +1,7 @@
Summary: Windows MetaFile Library
Name: libwmf
Version: 0.2.8.4
-Release: 41%{?dist}
+Release: 42%{?dist}
Group: System Environment/Libraries
#libwmf is under the LGPLv2+, however...
#1. The tarball contains an old version of the urw-fonts under GPL+.
@@ -55,6 +55,8 @@ Patch14: libwmf-0.2.8.4-CAN-2004-0941.patch
Patch15: libwmf-0.2.8.4-CVE-2009-3546.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=925929
Patch16: libwmf-aarch64.patch
+# CVE-2015-0848
+Patch17: libwmf-0.2.8.4-CVE-2015-0848.patch
Requires: urw-fonts
Requires: %{name}-lite = %{version}-%{release}
@@ -102,6 +104,7 @@ using libwmf.
%patch14 -p1 -b .CAN-2004-0941
%patch15 -p1 -b .CVE-2009-3546
%patch16 -p1 -b .aarch64
+%patch17 -p1 -b .CVE-2015-0848
f=README ; iconv -f iso-8859-2 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f
%build
@@ -167,6 +170,9 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache || :
%changelog
+* Tue Jun 02 2015 Caolán McNamara <caolanm at redhat.com> - 0.2.8.4-42
+- Resolves: rhbz#1227244 CVE-2015-0848 heap overflow when decoding BMP images
+
* Sat Feb 21 2015 Till Maas <opensource at till.name> - 0.2.8.4-41
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
@@ -290,7 +296,7 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache || :
* Tue Feb 07 2006 Jesse Keating <jkeating at redhat.com> - 0.2.8.4-4.1
- rebuilt for new gcc4.1 snapshot and glibc changes
-* Tue Jan 19 2006 Caolan McNamara <caolanm at redhat.com> 0.2.8.4-4
+* Thu Jan 19 2006 Caolan McNamara <caolanm at redhat.com> 0.2.8.4-4
- rh#178275# match srvg gtk2 _host usage for pixbuf loaders
* Tue Jan 03 2006 Caolan McNamara <caolanm at redhat.com> 0.2.8.4-3
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/libwmf.git/commit/?h=f22&id=80714b56899ad0b0e995df5f4a01911c5cb8136e
More information about the scm-commits
mailing list