rpms/yelp/F-8 yelp-2.20.0-CVE-2008-3533.patch, NONE, 1.1 yelp.spec, 1.122, 1.123

Matthew Barnes mbarnes at fedoraproject.org
Mon Aug 25 17:27:16 UTC 2008


Author: mbarnes

Update of /cvs/pkgs/rpms/yelp/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8905

Modified Files:
	yelp.spec 
Added Files:
	yelp-2.20.0-CVE-2008-3533.patch 
Log Message:

* Mon Aug 25 2008 Matthew Barnes <mbarnes at redhat.com> - 2.20.0-12
- Add patch for RH bug #459487 (format string vulnerability).


yelp-2.20.0-CVE-2008-3533.patch:

--- NEW FILE yelp-2.20.0-CVE-2008-3533.patch ---
diff -up yelp-2.20.0/src/yelp-window.c.CVE-2008-3533 yelp-2.20.0/src/yelp-window.c
--- yelp-2.20.0/src/yelp-window.c.CVE-2008-3533	2008-08-25 13:21:18.000000000 -0400
+++ yelp-2.20.0/src/yelp-window.c	2008-08-25 13:22:24.000000000 -0400
@@ -1133,10 +1133,10 @@ window_error (YelpWindow *window, gchar 
 	 GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
 	 GTK_MESSAGE_ERROR,
 	 GTK_BUTTONS_OK,
-	 title);
+	 "%s", title);
     gtk_message_dialog_format_secondary_markup
-	(GTK_MESSAGE_DIALOG (dialog), message);
-	 gtk_dialog_run (GTK_DIALOG (dialog));
+	(GTK_MESSAGE_DIALOG (dialog), "%s", message);
+    gtk_dialog_run (GTK_DIALOG (dialog));
 
     gtk_widget_destroy (dialog);
 }
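Review bot: At the gtk_message_dialog_format_secondary_markup call, the added "%s" stops message from being used as the format string, but message is still parsed as Pango markup, and this function does not escape its printf arguments. If any caller of window_error can pass text that was not written as markup (a URI or file name, for instance; the callers are not visible in this hunk), a stray < or & in it will still be interpreted as markup and can make the string fail to parse. If message is meant to be plain text, gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog), "%s", message) is the safer call; if it is meant to be markup, the variable parts should be escaped with g_markup_escape_text at the call sites. The re-indentation of gtk_dialog_run is unrelated to the fix and would be easier to audit as a separate change.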


Index: yelp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/yelp/F-8/yelp.spec,v
retrieving revision 1.122
retrieving revision 1.123
diff -u -r1.122 -r1.123
--- yelp.spec	16 Jul 2008 01:33:43 -0000	1.122
+++ yelp.spec	25 Aug 2008 17:26:45 -0000	1.123
@@ -20,7 +20,7 @@
 Summary: A system documentation reader from the Gnome project
 Name: yelp
 Version: 2.20.0
-Release: 11%{?dist}
+Release: 12%{?dist}
 Source: http://ftp.gnome.org/pub/GNOME/sources/yelp/2.19/%{name}-%{version}.tar.bz2
 URL: http://live.gnome.org/Yelp
 # http://bugzilla.gnome.org/show_bug.cgi?id=319096
@@ -32,6 +32,9 @@
 # http://bugzilla.gnome.org/show_bug.cgi?id=493751 
 Patch5: search-crash.patch
 
+# RH bug #459487 / CVE-2008-3533
+Patch6: yelp-2.20.0-CVE-2008-3533.patch
+
 # http://bugzilla.gnome.org/show_bug.cgi?id=431077 
 # XXX Does this no longer apply to yelp >= 2.19.1 ?
 #Patch8: yelp-2.18.1-posix-man.patch
@@ -91,6 +94,7 @@
 %patch3 -p1 -b .use-pango
 %patch4 -p1 -b .rarian-crash
 %patch5 -p1 -b .search-crash
+%patch6 -p1 -b .CVE-2008-3533
 
 #%patch8 -p1 -b .posix-man
 
@@ -156,6 +160,9 @@
 %{_datadir}/yelp
 
 %changelog
+* Mon Aug 25 2008 Matthew Barnes <mbarnes at redhat.com> - 2.20.0-12
+- Add patch for RH bug #459487 (format string vulnerability).
+
 * Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 2.20.0-11
 - Rebuild against newer gecko
 
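Review bot: The new %changelog entry names only the RH bug number. Adding CVE-2008-3533, which the Patch6 comment and the patch file name already use, would let anyone reading the output of rpm -q --changelog yelp confirm the fix is present without looking up bug #459487.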



