rpms/cups/F-8 cups-CVE-2008-0047.patch, NONE, 1.1 cups-CVE-2008-1373.patch, NONE, 1.1 cups.spec, 1.386, 1.387
Tim Waugh (twaugh)
fedora-extras-commits at redhat.com
Tue Apr 1 15:53:32 UTC 2008
Author: twaugh
Update of /cvs/pkgs/rpms/cups/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29471
Modified Files:
cups.spec
Added Files:
cups-CVE-2008-0047.patch cups-CVE-2008-1373.patch
Log Message:
* Thu Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.6-4
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
- Applied patch to prevent heap-based buffer overflow in CUPS helper
program (bug #436153, CVE-2008-0047, STR #2729).
cups-CVE-2008-0047.patch:
--- NEW FILE cups-CVE-2008-0047.patch ---
diff -up cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 cups-1.3.6/cgi-bin/search.c
--- cups-1.3.6/cgi-bin/search.c.CVE-2008-0047 2008-01-16 22:20:33.000000000 +0000
+++ cups-1.3.6/cgi-bin/search.c 2008-04-01 16:41:30.000000000 +0100
@@ -167,7 +167,9 @@ cgiCompileSearch(const char *query) /* I
* string + RE overhead...
*/
- wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4;
+ wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;
+ if (lword)
+ wlen += strlen(lword);
if (wlen > slen)
{
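Review bot: The new size on the `wlen = ...` line depends on constants that are not explained (`2 * 4 * wlen`, `+ 11`), and the comment above it still reads only "string + RE overhead...". Please extend that comment to say what each term pays for, including the conditional `strlen(lword)` addition, so the bound can be audited against the code that writes into the buffer guarded by `if (wlen > slen)`. The declaration of `wlen` is not visible in this hunk; if it is a signed int, it is also worth checking that a very long query cannot wrap the multiplication before the comparison.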
cups-CVE-2008-1373.patch:
--- NEW FILE cups-CVE-2008-1373.patch ---
diff -up cups-1.3.6/filter/image-gif.c.CVE-2008-1373 cups-1.3.6/filter/image-gif.c
--- cups-1.3.6/filter/image-gif.c.CVE-2008-1373 2008-01-14 22:12:58.000000000 +0000
+++ cups-1.3.6/filter/image-gif.c 2008-04-01 16:43:22.000000000 +0100
@@ -38,6 +38,8 @@
#define GIF_INTERLACE 0x40
#define GIF_COLORMAP 0x80
+#define MAX_LWZ_BITS 12
+
typedef cups_ib_t gif_cmap_t[256][4];
typedef short gif_table_t[4096];
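Review bot: `MAX_LWZ_BITS` looks like a transposition of LZW, given that the decoder this limit protects is called `gif_read_lzw`; suggest `MAX_LZW_BITS`. The define also has no comment: a note tying the value 12 to `gif_table_t[4096]` just below it (4096 = 1 << 12) would make clear why this is the limit and keep the two from drifting apart.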
@@ -465,6 +467,9 @@ gif_read_image(FILE *fp, /* I -
if (!pixels)
return (-1);
+ if (code_size > MAX_LWZ_BITS)
+ return (-1);
+
if (gif_read_lzw(fp, 1, code_size) < 0)
{
free(pixels);
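Review bot: The new `if (code_size > MAX_LWZ_BITS) return (-1);` sits after the `if (!pixels)` check, so `pixels` is already allocated at this point and the early return leaks it; the `gif_read_lzw` failure path right below does call `free(pixels)`. Either free the buffer before returning or move the `code_size` check ahead of the allocation. Only an upper bound is tested here; if `code_size` comes straight from the file, consider rejecting values below the minimum the decoder expects as well.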
Index: cups.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-8/cups.spec,v
retrieving revision 1.386
retrieving revision 1.387
diff -u -r1.386 -r1.387
--- cups.spec 28 Feb 2008 22:34:17 -0000 1.386
+++ cups.spec 1 Apr 2008 15:52:57 -0000 1.387
@@ -6,7 +6,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.3.6
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}-source.tar.bz2
@@ -48,6 +48,8 @@
Patch25: cups-usb-paperout.patch
Patch26: cups-str2715.patch
Patch27: cups-str2727.patch
+Patch28: cups-CVE-2008-0047.patch
+Patch29: cups-CVE-2008-1373.patch
Patch100: cups-lspp.patch
Epoch: 1
Url: http://www.cups.org/
@@ -162,6 +164,8 @@
%patch25 -p1 -b .usb-paperout
%patch26 -p1 -b .str2715
%patch27 -p1 -b .str2727
+%patch28 -p1 -b .CVE-2008-0047
+%patch29 -p1 -b .CVE-2008-1373
%if %lspp
%patch100 -p1 -b .lspp
@@ -454,6 +458,11 @@
%{cups_serverbin}/daemon/cups-lpd
%changelog
+* Thu Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.6-4
+- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
+- Applied patch to prevent heap-based buffer overflow in CUPS helper
+ program (bug #436153, CVE-2008-0047, STR #2729).
+
* Thu Feb 28 2008 Tim Waugh <twaugh at redhat.com> 1.3.6-3
- Apply upstream fix for Adobe JPEG files (bug #166460, STR #2727).
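Review bot: The new changelog header says `Thu Apr 1 2008`, but the commit mail itself is dated Tue Apr 1 2008, so the weekday does not match the date and should read `Tue`. The entry also writes the version with the epoch (`1:1.3.6-4`) while the previous entry uses `1.3.6-3`; pick one form for consistency.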