rpms/ImageMagick/FC-4 ImageMagick-6.2.2-format-string-again.patch, NONE, 1.1 ImageMagick.spec, 1.42, 1.43
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Jan 23 14:35:46 UTC 2006
Author: mclasen
Update of /cvs/dist/rpms/ImageMagick/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv2667
Modified Files:
ImageMagick.spec
Added Files:
ImageMagick-6.2.2-format-string-again.patch
Log Message:
Fix a format string vuln.
ImageMagick-6.2.2-format-string-again.patch:
blob.c | 10 +++++++++-
1 files changed, 9 insertions(+), 1 deletion(-)
--- NEW FILE ImageMagick-6.2.2-format-string-again.patch ---
--- ImageMagick-6.2.2/magick/blob.c.format-string-again 2005-04-24 19:23:05.000000000 -0400
+++ ImageMagick-6.2.2/magick/blob.c 2006-01-23 09:32:47.000000000 -0500
@@ -1917,8 +1917,16 @@
char
format[MaxTextExtent];
+ /* Extract first numeric format specifier */
(void) CopyMagickString(format,p,MaxTextExtent);
- (void) FormatMagickString(p,MaxTextExtent,format,image->scene);
+ if (q-p+1 < MaxTextExtent)
+ format[q-p+1]='\0';
+ /* Expand format */
+ (void) FormatMagickString(p,MaxTextExtent,format, image->scene);
+ /* Copy rest of string verbatim without further expansion */
+ (void) ConcatenateMagickString(filename,
+ image_info->filename+(q-filename)+1,
+ MaxTextExtent);
break;
}
}
Index: ImageMagick.spec
===================================================================
RCS file: /cvs/dist/rpms/ImageMagick/FC-4/ImageMagick.spec,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- ImageMagick.spec 21 Jun 2005 15:30:02 -0000 1.42
+++ ImageMagick.spec 23 Jan 2006 14:35:43 -0000 1.43
@@ -9,7 +9,7 @@
%else
Version: %{VER}
%endif
-Release: 3.fc4.0
+Release: 3.fc4.1
License: freeware
Group: Applications/Multimedia
%if "%{Patchlevel}" != ""
@@ -25,6 +25,8 @@
Patch7: ImageMagick-6.2.1-fixed.patch
# 158791
Patch8: ImageMagick-5.5.6-mask.patch
+# 176926
+Patch9: ImageMagick-6.2.2-format-string-again.patch
Url: http://www.imagemagick.org/
Buildroot: %{_tmppath}/%{name}-%{version}-root
@@ -119,6 +121,7 @@
%patch6 -p1 -b .pkgconfig
%patch7 -p1 -b .fixed
%patch8 -p1 -b .mask
+%patch9 -p1 -b .format-string-again
%build
%configure --enable-shared \
@@ -228,6 +231,9 @@
%doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
%changelog
+* Mon Jan 9 2006 Matthias Clasen <mclasen at redhat.com> 6.2.2.0-3.fc4.1
+- fix a format string vulnerability (CVE-2006-0082)
+
* Tue Jun 21 2005 Matthias Clasen <mclasen at redhat.com> = 6.2.2.0-3.fc4.0
- bump revision to make fc3->fc4 updates work (#160808)
More information about the fedora-cvs-commits
mailing list