rpms/cups/F-10 cups-CVE-2008-5286.patch, NONE, 1.1 cups.spec, 1.448, 1.449
Tim Waugh
twaugh at fedoraproject.org
Wed Dec 3 12:44:09 UTC 2008
Author: twaugh
Update of /cvs/pkgs/rpms/cups/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32277
Modified Files:
cups.spec
Added Files:
cups-CVE-2008-5286.patch
Log Message:
1:1.3.9-4
cups-CVE-2008-5286.patch:
--- NEW FILE cups-CVE-2008-5286.patch ---
diff -up cups-1.3.9/filter/image-png.c.CVE-2008-5286 cups-1.3.9/filter/image-png.c
--- cups-1.3.9/filter/image-png.c.CVE-2008-5286 2008-07-11 23:48:49.000000000 +0100
+++ cups-1.3.9/filter/image-png.c 2008-12-03 12:23:14.000000000 +0000
@@ -178,7 +178,7 @@ _cupsImageReadPNG(
{
bufsize = img->xsize * img->ysize;
- if ((bufsize / img->ysize) != img->xsize)
+ if ((bufsize / img->xsize) != img->ysize)
{
fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
(unsigned)width, (unsigned)height);
@@ -190,7 +190,7 @@ _cupsImageReadPNG(
{
bufsize = img->xsize * img->ysize * 3;
- if ((bufsize / (img->ysize * 3)) != img->xsize)
+ if ((bufsize / (img->xsize * 3)) != img->ysize)
{
fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
(unsigned)width, (unsigned)height);
Index: cups.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-10/cups.spec,v
retrieving revision 1.448
retrieving revision 1.449
diff -u -r1.448 -r1.449
--- cups.spec 3 Dec 2008 12:19:42 -0000 1.448
+++ cups.spec 3 Dec 2008 12:43:38 -0000 1.449
@@ -7,7 +7,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.3.9
-Release: 3%{?svn:.svn%{svn}}%{?dist}
+Release: 4%{?svn:.svn%{svn}}%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.bz2
@@ -52,6 +52,7 @@
Patch25: cups-str2988.patch
Patch26: cups-str3023.patch
Patch27: cups-CVE-2008-5183.patch
+Patch28: cups-CVE-2008-5286.patch
Patch100: cups-lspp.patch
Epoch: 1
Url: http://www.cups.org/
@@ -192,6 +193,7 @@
%patch25 -p1 -b .str2988
%patch26 -p1 -b .str3023
%patch27 -p1 -b .CVE-2008-5183
+%patch28 -p1 -b .CVE-2008-5286
%if %lspp
%patch100 -p1 -b .lspp
@@ -483,11 +485,11 @@
%{_libdir}/php/modules/*.so
%changelog
-* Wed Dec 3 2008 Tim Waugh <twaugh at redhat.com>
+* Wed Dec 3 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.9-4
+- Applied patch to fix STR #2974 (bug #473905, CVE-2008-5286,
+ CVE-2008-1722).
- Applied patch to fix RSS subscription limiting (bug #473901,
CVE-2008-5183).
-
-* Wed Nov 26 2008 Tim Waugh <twaugh at redhat.com>
- Fixed cups-polld again for res_init (STR #3023, bug #354071).
- Added patch to avoid polling busy loop (STR #2988).
More information about the fedora-extras-commits
mailing list