rpms/libgsf/FC-6 libgsf_CVE-2006-4514.patch, NONE, 1.1 libgsf.spec, 1.38, 1.39

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Dec 7 08:29:19 UTC 2006 

Author: caolanm

Update of /cvs/dist/rpms/libgsf/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv19617

Modified Files:
	libgsf.spec 
Added Files:
	libgsf_CVE-2006-4514.patch 
Log Message:
libgsf_CVE-2006-4514.patch

libgsf_CVE-2006-4514.patch:
 gsf-infile-msole.c |    7 +++++++
 1 files changed, 7 insertions(+)

--- NEW FILE libgsf_CVE-2006-4514.patch ---
===================================================================
RCS file: /cvs/gnome/libgsf/gsf/gsf-infile-msole.c,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- libgsf.orig/gsf/gsf-infile-msole.c	2006/09/06 20:39:46	1.73
+++ libgsf/gsf/gsf-infile-msole.c	2006/09/24 01:55:24	1.74
@@ -595,6 +595,13 @@
 			last = num_bat;
 		} else if (num_metabat > 0) {
 			metabat_block = metabat[last];
+			if (num_bat < last) {
+				/* ::num_bat and ::num_metabat are
+				 * inconsistent.  There are too many metabats
+				 * for the bat count in the header. */
+				ptr = NULL;
+				break;
+			}
 			num_bat -= last;
 		}
 


Index: libgsf.spec
===================================================================
RCS file: /cvs/dist/rpms/libgsf/FC-6/libgsf.spec,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- libgsf.spec	9 Oct 2006 12:12:46 -0000	1.38
+++ libgsf.spec	7 Dec 2006 08:29:17 -0000	1.39
@@ -3,8 +3,8 @@
 
 Summary: GNOME Structured File library
 Name: libgsf
-Version: 1.14.2
-Release: 1
+Version: 1.14.1
+Release: 7
 Group: System Environment/Libraries
 License: LGPL
 Source: ftp://ftp.gnome.org/pub/GNOME/sources/%{name}/1.11/%{name}-%{version}.tar.bz2
@@ -16,6 +16,8 @@
 
 Obsoletes: libgsf113
 
+Patch0: libgsf_CVE-2006-4514.patch
+
 %description
 A library for reading and writing structured files (eg MS OLE and Zip)
 
@@ -42,6 +44,7 @@
 
 %prep
 %setup -q
+%patch0 -p1 -b libgsf_CVE-2006-4514.patch
 
 %build
 %configure --disable-gtk-doc
@@ -88,8 +91,8 @@
 rm -r $RPM_BUILD_ROOT
 
 %changelog
-* Mon Oct 09 2006 Caolan McNamara <caolanm at redhat.com> - 1.14.2-1
-- bump to 1.14.2
+* Thu Dec 07 2006 Caolan McNamara <caolanm at redhat.com> - 1.14.1-7
+- CVE-2006-4514 heap overflow
 
 * Fri Jul 14 2006 Bill Nottingham <notting at redhat.com> - 1.14.1-6
 - gnome-vfs2-devel no longer requires libbonobo-devel; add it as a buildreq

More information about the fedora-cvs-commits mailing list