rpms/gnash/FC-6 gnash-CVE-2007-2500.patch, NONE, 1.1 gnash.spec, 1.5, 1.6

Patrice Dumas (pertusus) fedora-extras-commits at redhat.com
Wed May 9 20:03:24 UTC 2007


Author: pertusus

Update of /cvs/extras/rpms/gnash/FC-6
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26104/FC-6

Modified Files:
	gnash.spec 
Added Files:
	gnash-CVE-2007-2500.patch 
Log Message:
* Wed May  9 2007 Patrice Dumas <pertusus at free.fr> 0.7.2-2
- fix CVE-2007-2500 (fix 239213)


gnash-CVE-2007-2500.patch:

--- NEW FILE gnash-CVE-2007-2500.patch ---
--- gnash-0.7.2.orig/server/parser/sprite_definition.cpp	2006-10-29 01:58:32.000000000 +0300
+++ gnash-0.7.2/server/parser/sprite_definition.cpp	2007-05-02 17:56:38.000000000 +0300
@@ -104,6 +104,8 @@
 			IF_VERBOSE_PARSE (
 		    log_parse("  show_frame (sprite)");
 		    	);
+
+		    assert(m_loading_frame < m_frame_count);
 		    m_loading_frame++;
 		}
 		else if (_tag_loaders.get(tag_type, &lf))
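Review bot: the bound on m_loading_frame in the show_frame branch is enforced only with assert(), which disappears when the package is compiled with NDEBUG, so such a build would still execute `m_loading_frame++` past m_frame_count. Where assertions are enabled, a sprite with more show_frame tags than its declared frame count aborts the whole process instead of being rejected. An explicit runtime check would hold in every build: test `m_loading_frame >= m_frame_count` before the increment, log the malformed sprite through the parser's logging, and skip the tag or stop parsing this sprite.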


Index: gnash.spec
===================================================================
RCS file: /cvs/extras/rpms/gnash/FC-6/gnash.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- gnash.spec	10 Mar 2007 22:40:08 -0000	1.5
+++ gnash.spec	9 May 2007 20:02:48 -0000	1.6
@@ -1,12 +1,13 @@
 Name:           gnash
 Version:        0.7.2
-Release:        1%{?dist}.1
+Release:        2%{?dist}
 Summary:        GNU flash movie player
 
 Group:          Applications/Multimedia
 License:        GPL
 URL:            http://www.gnu.org/software/gnash/
 Source0:        http://ftp.gnu.org/gnu/gnash/%{version}/%{name}-%{version}.tar.bz2
+Patch0:         gnash-CVE-2007-2500.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  libxml2-devel libpng-devel libjpeg-devel libogg-devel
@@ -57,6 +58,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 [ -n "$QTDIR" ] || . %{_sysconfdir}/profile.d/qt.sh
@@ -126,7 +128,10 @@
 %{_datadir}/services/klash_part.desktop
 
 %changelog
-* Sat Nov  6 2006 Patrice Dumas <pertusus at free.fr> 0.7.2-1.1
+* Wed May  9 2007 Patrice Dumas <pertusus at free.fr> 0.7.2-2
+- fix CVE-2007-2500 (fix 239213)
+
+* Sat Nov  6 2006 Patrice Dumas <pertusus at free.fr> 0.7.2-1
 - update for 0.7.2 release.
 
 * Thu Oct 05 2006 Christian Iseli <Christian.Iseli at licr.org> 0.7.1-9
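Review bot: the last changed line in the %changelog hunk rewrites the existing entry from 0.7.2-1.1 to 0.7.2-1, although the Release tag it described was `1%{?dist}.1`. Entries for releases already shipped should stay as they were, with only the new 0.7.2-2 entry added above them. If that line is touched anyway, its date is worth correcting in the same change: 6 Nov 2006 was a Monday, not a Saturday.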



