rpms/ghostscript/devel ghostscript-CVE-2008-0411.patch, NONE, 1.1 ghostscript.spec, 1.162, 1.163
Tim Waugh (twaugh)
fedora-extras-commits at redhat.com
Wed Feb 27 17:10:28 UTC 2008
- Previous message (by thread): rpms/xorg-x11-server/devel .cvsignore, 1.34, 1.35 commitid, 1.7, 1.8 sources, 1.29, 1.30 xorg-x11-server.spec, 1.297, 1.298
- Next message (by thread): rpms/ghostscript/devel ghostscript.spec,1.163,1.164
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: twaugh
Update of /cvs/pkgs/rpms/ghostscript/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7811
Modified Files:
ghostscript.spec
Added Files:
ghostscript-CVE-2008-0411.patch
Log Message:
* Wed Feb 27 2008 Tim Waugh <twaugh at redhat.com> 8.61-10
- Applied patch to fix CVE-2008-0411 (bug #435147).
ghostscript-CVE-2008-0411.patch:
--- NEW FILE ghostscript-CVE-2008-0411.patch ---
diff -up ghostscript-8.61/src/zicc.c.CVE-2008-0411 ghostscript-8.61/src/zicc.c
--- ghostscript-8.61/src/zicc.c.CVE-2008-0411 2007-09-25 14:31:24.000000000 +0100
+++ ghostscript-8.61/src/zicc.c 2008-02-27 17:07:30.000000000 +0000
@@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
dict_find_string(op, "N", &pnval);
ncomps = pnval->value.intval;
+ if (2*ncomps > sizeof(range_buff)/sizeof(float))
+ return_error(e_rangecheck);
+
/* verify the DataSource entry */
if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
return_error(e_undefined);
Index: ghostscript.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ghostscript/devel/ghostscript.spec,v
retrieving revision 1.162
retrieving revision 1.163
diff -u -r1.162 -r1.163
--- ghostscript.spec 22 Feb 2008 14:33:24 -0000 1.162
+++ ghostscript.spec 27 Feb 2008 17:09:53 -0000 1.163
@@ -5,7 +5,7 @@
Name: ghostscript
Version: %{gs_ver}
-Release: 9%{?dist}
+Release: 10%{?dist}
License: GPLv2
URL: http://www.ghostscript.com/
@@ -22,6 +22,7 @@
Patch6: ghostscript-runlibfileifexists.patch
Patch7: ghostscript-gsbug689577.patch
Patch8: ghostscript-system-jasper.patch
+Patch9: ghostscript-CVE-2008-0411.patch
Requires: urw-fonts >= 1.1, ghostscript-fonts
BuildRequires: libjpeg-devel, libXt-devel
@@ -100,6 +101,8 @@
%patch8 -p1 -b .system-jasper
+%patch9 -p1 -b .CVE-2008-0411
+
# Convert manual pages to UTF-8
from8859_1() {
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -270,6 +273,9 @@
%{_libdir}/libgs.so
%changelog
+* Wed Feb 27 2008 Tim Waugh <twaugh at redhat.com> 8.61-10
+- Applied patch to fix CVE-2008-0411 (bug #435147).
+
* Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 8.61-9
- Build with jasper again (bug #433897). Build requires jasper-devel, and
a patch to remove jas_set_error_cb reference.
- Previous message (by thread): rpms/xorg-x11-server/devel .cvsignore, 1.34, 1.35 commitid, 1.7, 1.8 sources, 1.29, 1.30 xorg-x11-server.spec, 1.297, 1.298
- Next message (by thread): rpms/ghostscript/devel ghostscript.spec,1.163,1.164
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list