rpms/cups/devel cups-CVE-2008-0047.patch, NONE, 1.1 cups-CVE-2008-1373.patch, NONE, 1.1 cups.spec, 1.405, 1.406

Tim Waugh (twaugh) fedora-extras-commits at redhat.com
Tue Apr 1 15:48:54 UTC 2008


Author: twaugh

Update of /cvs/pkgs/rpms/cups/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29111

Modified Files:
	cups.spec 
Added Files:
	cups-CVE-2008-0047.patch cups-CVE-2008-1373.patch 
Log Message:
* Thu Apr  1 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.6-9
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
- Applied patch to prevent heap-based buffer overflow in CUPS helper
  program (bug #436153, CVE-2008-0047, STR #2729).


cups-CVE-2008-0047.patch:

--- NEW FILE cups-CVE-2008-0047.patch ---
diff -up cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 cups-1.3.6/cgi-bin/search.c
--- cups-1.3.6/cgi-bin/search.c.CVE-2008-0047	2008-01-16 22:20:33.000000000 +0000
+++ cups-1.3.6/cgi-bin/search.c	2008-04-01 16:41:30.000000000 +0100
@@ -167,7 +167,9 @@ cgiCompileSearch(const char *query)	/* I
       * string + RE overhead...
       */
 
-      wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4;
+      wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;
+      if (lword)
+        wlen += strlen(lword);
 
       if (wlen > slen)
       {
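Review bot: The constants in the new `wlen` computation (`2 * 4 * wlen`, `+ 11`, and the conditional `strlen(lword)`) are undocumented, and the comment above it still only says "string + RE overhead...". Since this sizing is the overflow fix, please extend the comment to derive each term from what is actually written into the buffer per word (the per-character expansion factor, the fixed overhead bytes, and the case where `lword` is appended), so the bound can be audited against the code that does the writing. It would also read more clearly if the required size were computed into a separate variable instead of overwriting `wlen`, which appears on both sides of the assignment.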

cups-CVE-2008-1373.patch:

--- NEW FILE cups-CVE-2008-1373.patch ---
diff -up cups-1.3.6/filter/image-gif.c.CVE-2008-1373 cups-1.3.6/filter/image-gif.c
--- cups-1.3.6/filter/image-gif.c.CVE-2008-1373	2008-01-14 22:12:58.000000000 +0000
+++ cups-1.3.6/filter/image-gif.c	2008-04-01 16:43:22.000000000 +0100
@@ -38,6 +38,8 @@
 #define GIF_INTERLACE	0x40
 #define GIF_COLORMAP	0x80
 
+#define MAX_LWZ_BITS	12
+
 typedef cups_ib_t	gif_cmap_t[256][4];
 typedef short		gif_table_t[4096];
 
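Review bot: `MAX_LWZ_BITS` looks like a transposition of LZW; the decoder this limit guards is `gif_read_lzw`, so `MAX_LZW_BITS` would be easier to find when searching the file. The context line `typedef short gif_table_t[4096];` sizes the table at 1 << 12, so a short comment tying the two values together (or deriving the table size from the macro) would keep them from drifting apart.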
@@ -465,6 +467,9 @@ gif_read_image(FILE         *fp,	/* I - 
   if (!pixels)
     return (-1);
 
+  if (code_size > MAX_LWZ_BITS)
+    return (-1);
+
   if (gif_read_lzw(fp, 1, code_size) < 0)
   {
     free(pixels);
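Review bot: The new `code_size > MAX_LWZ_BITS` early return sits after the `if (!pixels)` check, so `pixels` is a live allocation at this point, and the `gif_read_lzw` failure path just below calls `free(pixels)`; the new path returns without freeing it. Either free `pixels` before `return (-1)` or fold the test into the existing condition, for example `if (code_size > MAX_LWZ_BITS || gif_read_lzw(fp, 1, code_size) < 0)`, so both failures share the same cleanup.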


Index: cups.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cups/devel/cups.spec,v
retrieving revision 1.405
retrieving revision 1.406
diff -u -r1.405 -r1.406
--- cups.spec	1 Apr 2008 12:05:26 -0000	1.405
+++ cups.spec	1 Apr 2008 15:48:12 -0000	1.406
@@ -7,7 +7,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.3.6
-Release: 8%{?svn:.svn%{svn}}%{?dist}
+Release: 9%{?svn:.svn%{svn}}%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.bz2
@@ -48,6 +48,8 @@
 Patch25: cups-usb-paperout.patch
 Patch26: cups-str2715.patch
 Patch27: cups-str2727.patch
+Patch28: cups-CVE-2008-0047.patch
+Patch29: cups-CVE-2008-1373.patch
 Patch100: cups-lspp.patch
 Epoch: 1
 Url: http://www.cups.org/
@@ -165,6 +167,8 @@
 %patch25 -p1 -b .usb-paperout
 %patch26 -p1 -b .str2715
 %patch27 -p1 -b .str2727
+%patch28 -p1 -b .CVE-2008-0047
+%patch29 -p1 -b .CVE-2008-1373
 
 %if %lspp
 %patch100 -p1 -b .lspp
@@ -441,6 +445,11 @@
 %{cups_serverbin}/daemon/cups-lpd
 
 %changelog
+* Thu Apr  1 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.6-9
+- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
+- Applied patch to prevent heap-based buffer overflow in CUPS helper
+  program (bug #436153, CVE-2008-0047, STR #2729).
+
 * Thu Apr  1 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.6-8
 - Ship a few doc files (bug #438598).
 
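Review bot: The new %changelog entry is dated `Thu Apr  1 2008`, but the header of this commit mail gives `Tue Apr 1 ... 2008`, so the weekday is wrong. The 1:1.3.6-8 entry below it has the same mismatch; changing both to `Tue` keeps the changelog dates consistent with the calendar.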



