rpms/dumb/devel dumb-0.9.3-CVE-2006-3668.patch, NONE, 1.1 dumb.spec, 1.2, 1.3
Hans de Goede (jwrdegoede)
fedora-extras-commits at redhat.com
Thu Jul 27 07:58:39 UTC 2006
Author: jwrdegoede
Update of /cvs/extras/rpms/dumb/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5391
Modified Files:
dumb.spec
Added Files:
dumb-0.9.3-CVE-2006-3668.patch
Log Message:
* Thu Jul 27 2006 Hans de Goede <j.w.r.degoede at hhs.nl> 0.9.3-4
- Fix CVE-2006-3668, thanks to Debian for the patch
dumb-0.9.3-CVE-2006-3668.patch:
--- NEW FILE dumb-0.9.3-CVE-2006-3668.patch ---
Index: libdumb-0.9.3/src/it/itread.c
===================================================================
--- libdumb-0.9.3.orig/src/it/itread.c 2006-07-21 11:05:48.000000000 +0200
+++ libdumb-0.9.3/src/it/itread.c 2006-07-21 11:07:22.000000000 +0200
@@ -292,6 +292,11 @@
envelope->flags = dumbfile_getc(f);
envelope->n_nodes = dumbfile_getc(f);
+ if(envelope->n_nodes > 25) {
+ TRACE("IT error: wrong number of envelope nodes (%d)\n", envelope->n_nodes);
+ envelope->n_nodes = 0;
+ return -1;
+ }
envelope->loop_start = dumbfile_getc(f);
envelope->loop_end = dumbfile_getc(f);
envelope->sus_loop_start = dumbfile_getc(f);
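Review bot: The limit in `if(envelope->n_nodes > 25)` is a bare literal, so the check can drift away from the fixed-size storage the nodes are read into (its declaration is not visible in this hunk); express the bound as a named constant or a sizeof-based element count shared with that declaration. The fields read immediately afterwards, `loop_start`, `loop_end` and `sus_loop_start`, also come straight from the file and are not compared against `n_nodes`, so consider validating them in the same place. The early `return -1` only protects anything if every caller checks the result, which this hunk does not show.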
Index: dumb.spec
===================================================================
RCS file: /cvs/extras/rpms/dumb/devel/dumb.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- dumb.spec 29 Mar 2006 06:59:48 -0000 1.2
+++ dumb.spec 27 Jul 2006 07:58:39 -0000 1.3
@@ -1,12 +1,13 @@
Name: dumb
Version: 0.9.3
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: IT, XM, S3M and MOD player library
Group: System Environment/Libraries
License: GPL-Compatible
URL: http://dumb.sourceforge.net/
Source0: http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}.tar.gz
Source1: http://dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}-autotools.tar.gz
+Patch0: dumb-0.9.3-CVE-2006-3668.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: allegro-devel
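Review bot: The `Patch0:` line has no comment recording where the patch comes from or whether it has been sent upstream; the changelog credits Debian, but a one-line comment directly above `Patch0:` with the origin and upstream status tells the next maintainer whether the patch can be dropped on a version bump.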
@@ -29,6 +30,7 @@
%prep
%setup -q -b 01
+%patch0 -p1 -z .cve-2006-3668
%build
@@ -67,6 +69,9 @@
%changelog
+* Thu Jul 27 2006 Hans de Goede <j.w.r.degoede at hhs.nl> 0.9.3-4
+- Fix CVE-2006-3668, thanks to Debian for the patch
+
* Wed Mar 29 2006 Hans de Goede <j.w.r.degoede at hhs.nl> 0.9.3-3
- Add Requires: allegro-devel to -devel package