rpms/libgsf/FC-6 libgsf_CVE-2006-4514.patch, NONE, 1.1 libgsf.spec, 1.38, 1.39
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Dec 7 08:29:19 UTC 2006
Author: caolanm
Update of /cvs/dist/rpms/libgsf/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv19617
Modified Files:
libgsf.spec
Added Files:
libgsf_CVE-2006-4514.patch
Log Message:
libgsf_CVE-2006-4514.patch
libgsf_CVE-2006-4514.patch:
gsf-infile-msole.c | 7 +++++++
1 files changed, 7 insertions(+)
--- NEW FILE libgsf_CVE-2006-4514.patch ---
===================================================================
RCS file: /cvs/gnome/libgsf/gsf/gsf-infile-msole.c,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- libgsf.orig/gsf/gsf-infile-msole.c 2006/09/06 20:39:46 1.73
+++ libgsf/gsf/gsf-infile-msole.c 2006/09/24 01:55:24 1.74
@@ -595,6 +595,13 @@
last = num_bat;
} else if (num_metabat > 0) {
metabat_block = metabat[last];
+ if (num_bat < last) {
+ /* ::num_bat and ::num_metabat are
+ * inconsistent. There are too many metabats
+ * for the bat count in the header. */
+ ptr = NULL;
+ break;
+ }
num_bat -= last;
}
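Review bot: The new comment in the `else if (num_metabat > 0)` branch says the two header counts disagree, but not what the check protects. The next statement, `num_bat -= last;`, would wrap if `num_bat` is unsigned (its declaration is outside the hunk), which is presumably how the heap overflow named in the changelog arises. I would extend the comment with something like `/* Bail out before num_bat -= last can underflow and be used as a block count. */`. The check also sits after `metabat_block = metabat[last];`, and moving it above that read would stop a rejected header from touching `metabat` at all. The enclosing loop and the code that handles `ptr == NULL` are outside the hunk, so confirm that path returns an error to the caller rather than continuing with a partially read table.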
Index: libgsf.spec
===================================================================
RCS file: /cvs/dist/rpms/libgsf/FC-6/libgsf.spec,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- libgsf.spec 9 Oct 2006 12:12:46 -0000 1.38
+++ libgsf.spec 7 Dec 2006 08:29:17 -0000 1.39
@@ -3,8 +3,8 @@
Summary: GNOME Structured File library
Name: libgsf
-Version: 1.14.2
-Release: 1
+Version: 1.14.1
+Release: 7
Group: System Environment/Libraries
License: LGPL
Source: ftp://ftp.gnome.org/pub/GNOME/sources/%{name}/1.11/%{name}-%{version}.tar.bz2
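Review bot: `Version: 1.14.1` with `Release: 7` sorts lower than the 1.14.2-1 it replaces, so a system that already has 1.14.2-1 installed would not pick up this CVE fix through a normal update. If 1.14.2-1 was ever published for this branch, either carry the patch on top of 1.14.2 with a bumped `Release:` or add an `Epoch:`. If it was never built, the log message should say that this is a revert. The `%changelog` hunk further down also deletes the 1.14.2-1 entry, which removes the only record of that revert from the package history.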
@@ -16,6 +16,8 @@
Obsoletes: libgsf113
+Patch0: libgsf_CVE-2006-4514.patch
+
%description
A library for reading and writing structured files (eg MS OLE and Zip)
@@ -42,6 +44,7 @@
%prep
%setup -q
+%patch0 -p1 -b libgsf_CVE-2006-4514.patch
%build
%configure --disable-gtk-doc
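Review bot: The `-b` argument on the new `%patch0` line is taken as the backup suffix, so originals are saved as `<file>libgsf_CVE-2006-4514.patch` with no separator. The usual form is a short dotted suffix, e.g. `%patch0 -p1 -b .CVE-2006-4514`. A one-line comment above `Patch0:` naming the upstream revision would also help later rebases; the patch header shows gsf-infile-msole.c going from 1.73 to 1.74.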
@@ -88,8 +91,8 @@
rm -r $RPM_BUILD_ROOT
%changelog
-* Mon Oct 09 2006 Caolan McNamara <caolanm at redhat.com> - 1.14.2-1
-- bump to 1.14.2
+* Thu Dec 07 2006 Caolan McNamara <caolanm at redhat.com> - 1.14.1-7
+- CVE-2006-4514 heap overflow
* Fri Jul 14 2006 Bill Nottingham <notting at redhat.com> - 1.14.1-6
- gnome-vfs2-devel no longer requires libbonobo-devel; add it as a buildreq