rpms/libgsf/FC-5 libgsf_CVE-2006-4514.patch, NONE, 1.1 libgsf.spec, 1.23, 1.24
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Dec 1 09:18:34 UTC 2006
- Previous message (by thread): rpms/m17n-db/FC-6 .cvsignore, 1.47, 1.48 m17n-db.spec, 1.57, 1.58 si-wijesekera_surrounding_to_preedit.patch, 1.1, 1.2 sources, 1.49, 1.50
- Next message (by thread): rpms/openssl/FC-6 openssl-0.9.8b-x509-name-cmp.patch, 1.1, 1.2 openssl.spec, 1.87, 1.88
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: caolanm
Update of /cvs/dist/rpms/libgsf/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv21578
Modified Files:
libgsf.spec
Added Files:
libgsf_CVE-2006-4514.patch
Log Message:
Resolves: rhbz#217957 CVE-2006-4514 libgsf heap overflow
libgsf_CVE-2006-4514.patch:
gsf-infile-msole.c | 7 +++++++
1 files changed, 7 insertions(+)
--- NEW FILE libgsf_CVE-2006-4514.patch ---
===================================================================
RCS file: /cvs/gnome/libgsf/gsf/gsf-infile-msole.c,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- libgsf.orig/gsf/gsf-infile-msole.c 2006/09/06 20:39:46 1.73
+++ libgsf/gsf/gsf-infile-msole.c 2006/09/24 01:55:24 1.74
@@ -595,6 +595,13 @@
last = num_bat;
} else if (num_metabat > 0) {
metabat_block = metabat[last];
+ if (num_bat < last) {
+ /* ::num_bat and ::num_metabat are
+ * inconsistent. There are too many metabats
+ * for the bat count in the header. */
+ ptr = NULL;
+ break;
+ }
num_bat -= last;
}
Index: libgsf.spec
===================================================================
RCS file: /cvs/dist/rpms/libgsf/FC-5/libgsf.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- libgsf.spec 11 Feb 2006 04:05:52 -0000 1.23
+++ libgsf.spec 1 Dec 2006 09:18:27 -0000 1.24
@@ -1,7 +1,7 @@
Summary: GNOME Structured File library
Name: libgsf
Version: 1.13.3
-Release: 2.2.1
+Release: 3
Group: System Environment/Libraries
License: LGPL
Source: ftp://ftp.gnome.org/pub/GNOME/sources/%{name}/1.11/%{name}-%{version}.tar.bz2
@@ -14,6 +14,8 @@
BuildRequires: bzip2-devel
Obsoletes: libgsf113
+Patch0: libgsf_CVE-2006-4514.patch
+
%description
A library for reading and writing structured files (eg MS OLE and Zip)
@@ -33,6 +35,7 @@
%prep
%setup -q
+%patch0 -p1 -b libgsf_CVE-2006-4514.patch
%build
%configure --enable-gtk-doc
@@ -69,6 +72,9 @@
rm -r $RPM_BUILD_ROOT
%changelog
+* Fri Dec 01 2006 Caolan McNamara <caolanm at redhat.com> 1.13.3-3
+- CVE-2006-4514 heap overflow
+
* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 1.13.3-2.2.1
- bump again for double-long bug on ppc(64)
- Previous message (by thread): rpms/m17n-db/FC-6 .cvsignore, 1.47, 1.48 m17n-db.spec, 1.57, 1.58 si-wijesekera_surrounding_to_preedit.patch, 1.1, 1.2 sources, 1.49, 1.50
- Next message (by thread): rpms/openssl/FC-6 openssl-0.9.8b-x509-name-cmp.patch, 1.1, 1.2 openssl.spec, 1.87, 1.88
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list