rpms/speex/devel speex-1.2-CVE-2008-1686.diff, NONE, 1.1 speex.spec, 1.23, 1.24
Tomas Hoger (thoger)
fedora-extras-commits at redhat.com
Tue Apr 15 15:44:00 UTC 2008
- Previous message (by thread): rpms/speex/F-8 speex-1.2-CVE-2008-1686.diff, NONE, 1.1 speex.spec, 1.19, 1.20
- Next message (by thread): rpms/openoffice.org/devel openoffice.org-3.0.0.ooo88303.vcl.dynamicfontoptions.patch, NONE, 1.1 .cvsignore, 1.156, 1.157 openoffice.org.spec, 1.1478, 1.1479 sources, 1.281, 1.282
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thoger
Update of /cvs/extras/rpms/speex/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27734/devel
Modified Files:
speex.spec
Added Files:
speex-1.2-CVE-2008-1686.diff
Log Message:
Add mode checks to speex_packet_to_header() to protect applications
using speex library and not having proper checks
(CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701)
speex-1.2-CVE-2008-1686.diff:
--- NEW FILE speex-1.2-CVE-2008-1686.diff ---
Patch for CVE-2008-1686, see:
https://trac.xiph.org/changeset/14701
http://www.ocert.org/advisories/ocert-2008-2.html
diff -pruN speex-1.2beta2.orig/libspeex/speex_header.c speex-1.2beta2/libspeex/speex_header.c
--- speex-1.2beta2.orig/libspeex/speex_header.c 2007-03-18 13:25:09.000000000 +0100
+++ speex-1.2beta2/libspeex/speex_header.c 2008-04-15 17:15:18.000000000 +0200
@@ -161,6 +161,13 @@ SpeexHeader *speex_packet_to_header(char
ENDIAN_SWITCH(le_header->frames_per_packet);
ENDIAN_SWITCH(le_header->extra_headers);
+ if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0)
+ {
+ speex_warning ("Invalid mode specified in Speex header");
+ speex_free (le_header);
+ return NULL;
+ }
+
return le_header;
}
Index: speex.spec
===================================================================
RCS file: /cvs/extras/rpms/speex/devel/speex.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- speex.spec 31 Mar 2008 06:50:46 -0000 1.23
+++ speex.spec 15 Apr 2008 15:43:22 -0000 1.24
@@ -1,7 +1,7 @@
Summary: A voice compression format (codec)
Name: speex
Version: 1.2
-Release: 0.6.beta3
+Release: 0.7.beta3
License: BSD
Group: System Environment/Libraries
URL: http://www.speex.org/
@@ -12,6 +12,7 @@
# don't build unneded test programs, since they seem to cause
# build failures
Patch0: speex-1.2beta1-test-progs.patch
+Patch1: speex-1.2-CVE-2008-1686.diff
%description
Speex is a patent-free compression format designed especially for
@@ -42,6 +43,7 @@
%prep
%setup -q -n speex-1.2beta3
%patch0 -p1 -b .test-progs
+%patch1 -p1 -b .CVE-2008-1686
chmod a-x README
%build
@@ -90,6 +92,11 @@
%{_mandir}/man1/speexdec.1*
%changelog
+* Tue Apr 15 2008 Tomas Hoger <thoger at redhat.com> - 1.2-0.7.beta3
+- Security update: Add mode checks to speex_packet_to_header() to protect
+ applications using speex library and not having proper checks
+ (CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701)
+
* Mon Mar 31 2008 Marcela Maslanova <mmaslano at redhat.com> - 1.2-0.6.beta3
- 439284 add owner to %{_defaultdocdir}/speex
- Previous message (by thread): rpms/speex/F-8 speex-1.2-CVE-2008-1686.diff, NONE, 1.1 speex.spec, 1.19, 1.20
- Next message (by thread): rpms/openoffice.org/devel openoffice.org-3.0.0.ooo88303.vcl.dynamicfontoptions.patch, NONE, 1.1 .cvsignore, 1.156, 1.157 openoffice.org.spec, 1.1478, 1.1479 sources, 1.281, 1.282
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list