rpms/koffice/devel koffice-xpdf-CVE-2007-3387.diff, NONE, 1.1 koffice.spec, 1.63, 1.64 koffice-1.6.3-nodisplay.patch, 1.1, NONE
Rex Dieter (rdieter)
fedora-extras-commits at redhat.com
Mon Aug 13 18:45:59 UTC 2007
Author: rdieter
Update of /cvs/pkgs/rpms/koffice/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3990
Modified Files:
koffice.spec
Added Files:
koffice-xpdf-CVE-2007-3387.diff
Removed Files:
koffice-1.6.3-nodisplay.patch
Log Message:
* Mon Aug 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
1.6.3-9
- CVE-2007-3387 (#251522, #251524)
koffice-xpdf-CVE-2007-3387.diff:
--- NEW FILE koffice-xpdf-CVE-2007-3387.diff ---
--- filters/kword/pdf/xpdf/xpdf/Stream.cc
+++ filters/kword/pdf/xpdf/xpdf/Stream.cc
@@ -413,13 +413,11 @@ StreamPredictor::StreamPredictor(Stream
predLine = NULL;
ok = gFalse;
- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
- nComps >= INT_MAX / nBits ||
- width >= INT_MAX / nComps / nBits)
- return;
-
nVals = width * nComps;
- if (nVals * nBits + 7 <= 0)
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+ nComps >= 4 || nBits > 16 ||
+ width >= INT_MAX / nComps ||
+ nVals >= (INT_MAX - 7) / nBits)
return;
pixBytes = (nComps * nBits + 7) >> 3;
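Review bot: `nVals = width * nComps;` is still evaluated before the new guard, so for a large `width` the signed multiplication overflows before `width >= INT_MAX / nComps` is tested, and the final `nVals >= (INT_MAX - 7) / nBits` term reads a value derived from that overflow. The short-circuit order means the `width` test rejects the stream first and the bad `nVals` is never used for sizing, but signed overflow is undefined behaviour in C++ and the compiler may assume it cannot happen. Split the condition: test `width`, `nComps` and `nBits` first, then assign `nVals`, then test `nVals >= (INT_MAX - 7) / nBits`. Separately, please confirm that `nComps >= 4` is intended: it rejects four-component data, while the neighbouring `nBits > 16` accepts its boundary value.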
Index: koffice.spec
===================================================================
RCS file: /cvs/pkgs/rpms/koffice/devel/koffice.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- koffice.spec 13 Aug 2007 16:42:04 -0000 1.63
+++ koffice.spec 13 Aug 2007 18:45:27 -0000 1.64
@@ -1,7 +1,7 @@
Name: koffice
Version: 1.6.3
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: A free, integrated office suite for KDE
Group: Applications/Productivity
@@ -13,6 +13,9 @@
Source100: koshell.png
+# http://www.kde.org/info/security/advisory-20070730-1.txt
+Patch1: ftp://ftp.kde.org/pub/kde/security_patches/koffice-xpdf-CVE-2007-3387.diff
+
# BuildRequires: world-devel ;)
BuildRequires: kdebase-devel
BuildRequires: kdelibs-devel
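Review bot: the `Patch1:` line records an `ftp://` source for a security fix, and that transport gives no integrity or authenticity guarantee for the file. The diff is committed to CVS in this same change, so the build uses the in-tree copy, but the comment above `Patch1:` should say how that copy was checked against the advisory it cites (`advisory-20070730-1.txt`), so a later packager can repeat the check instead of re-downloading and trusting the FTP copy.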
@@ -235,6 +238,8 @@
%prep
%setup -q
+%patch1 -p0 -b .CVE-2007-3387
+
%build
unset QTDIR || : ; . /etc/profile.d/qt.sh
@@ -691,6 +696,10 @@
%changelog
* Mon Aug 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
+1.6.3-9
+- CVE-2007-3387 (#251522, #251524)
+
+* Mon Aug 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org>
1.6.3-8
- License: GPLv2+
- -libs: move libk*common.so.* here
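Review bot: the new `1.6.3-9` changelog entry lists only `CVE-2007-3387 (#251522, #251524)`, but this commit also deletes `koffice-1.6.3-nodisplay.patch`, and none of the spec hunks shown drops a matching `Patch`/`%patch` line. Either add a changelog line for the removal, or confirm the spec already stopped referencing that patch before 1.6.3-9, so the file deletion is not silently bundled with the security update.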
--- koffice-1.6.3-nodisplay.patch DELETED ---