rpms/gnash/FC-5 gnash-CVE-2007-2500.patch, NONE, 1.1 gnash.spec, 1.4, 1.5
Patrice Dumas (pertusus)
fedora-extras-commits at redhat.com
Wed May 9 20:03:14 UTC 2007
Author: pertusus
Update of /cvs/extras/rpms/gnash/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26104/FC-5
Modified Files:
gnash.spec
Added Files:
gnash-CVE-2007-2500.patch
Log Message:
* Wed May 9 2007 Patrice Dumas <pertusus at free.fr> 0.7.2-2
- fix CVE-2007-2500 (fix 239213)
gnash-CVE-2007-2500.patch:
--- NEW FILE gnash-CVE-2007-2500.patch ---
--- gnash-0.7.2.orig/server/parser/sprite_definition.cpp 2006-10-29 01:58:32.000000000 +0300
+++ gnash-0.7.2/server/parser/sprite_definition.cpp 2007-05-02 17:56:38.000000000 +0300
@@ -104,6 +104,8 @@
IF_VERBOSE_PARSE (
log_parse(" show_frame (sprite)");
);
+
+ assert(m_loading_frame < m_frame_count);
m_loading_frame++;
}
else if (_tag_loaders.get(tag_type, &lf))
Index: gnash.spec
===================================================================
RCS file: /cvs/extras/rpms/gnash/FC-5/gnash.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- gnash.spec 21 Nov 2006 16:31:25 -0000 1.4
+++ gnash.spec 9 May 2007 20:02:38 -0000 1.5
@@ -1,12 +1,13 @@
Name: gnash
Version: 0.7.2
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: GNU flash movie player
Group: Applications/Multimedia
License: GPL
URL: http://www.gnu.org/software/gnash/
Source0: http://ftp.gnu.org/gnu/gnash/%{version}/%{name}-%{version}.tar.bz2
+Patch0: gnash-CVE-2007-2500.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libxml2-devel libpng-devel libjpeg-devel libogg-devel
@@ -57,6 +58,7 @@
%prep
%setup -q
+%patch0 -p1
%build
[ -n "$QTDIR" ] || . %{_sysconfdir}/profile.d/qt.sh
@@ -126,6 +128,9 @@
%{_datadir}/services/klash_part.desktop
%changelog
+* Wed May 9 2007 Patrice Dumas <pertusus at free.fr> 0.7.2-2
+- fix CVE-2007-2500 (fix 239213)
+
* Sat Nov 6 2006 Patrice Dumas <pertusus at free.fr> 0.7.2-1
- update for 0.7.2 release.
More information about the fedora-extras-commits
mailing list