rpms/ghostscript/F-7 ghostscript-CVE-2008-0411.patch, NONE, 1.1 ghostscript.spec, 1.137, 1.138
Tim Waugh (twaugh)
fedora-extras-commits at redhat.com
Wed Feb 27 17:18:28 UTC 2008
Author: twaugh
Update of /cvs/pkgs/rpms/ghostscript/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9195
Modified Files:
ghostscript.spec
Added Files:
ghostscript-CVE-2008-0411.patch
Log Message:
* Wed Feb 27 2008 Tim Waugh <twaugh at redhat.com> 8.15.4-4
- Applied patch to fix CVE-2008-0411 (bug #431536).
ghostscript-CVE-2008-0411.patch:
--- NEW FILE ghostscript-CVE-2008-0411.patch ---
diff -up espgs-8.15.4/src/zicc.c.CVE-2008-0411 espgs-8.15.4/src/zicc.c
--- espgs-8.15.4/src/zicc.c.CVE-2008-0411 2005-01-19 04:08:41.000000000 +0000
+++ espgs-8.15.4/src/zicc.c 2008-02-27 17:16:15.000000000 +0000
@@ -80,6 +80,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
dict_find_string(op, "N", &pnval);
ncomps = pnval->value.intval;
+ if (2*ncomps > sizeof(range_buff)/sizeof(float))
+ return_error(e_rangecheck);
+
/* verify the DataSource entry */
if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
return_error(e_undefined);
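Review bot: The new bound on `2*ncomps` sets only an upper limit and multiplies before it compares. If `ncomps` is a signed type, a negative value taken from the dictionary is rejected only through the implicit conversion to the unsigned type of `sizeof`, and the doubling itself can overflow before the comparison happens. Stating both limits and dividing on the constant side avoids depending on either, for example `if (ncomps <= 0 || ncomps > sizeof(range_buff)/sizeof(float)/2)`, assuming a zero component count is not meaningful here. In the visible context the result of `dict_find_string(op, "N", &pnval)` is also not tested before `pnval->value.intval` is read, unlike the `DataSource` lookup just below, which checks for `<= 0`; unless an earlier check outside this hunk covers it, the same test belongs on the `N` lookup. A short comment tying the factor of 2 to how `range_buff` is filled would help the next reader.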
Index: ghostscript.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ghostscript/F-7/ghostscript.spec,v
retrieving revision 1.137
retrieving revision 1.138
diff -u -r1.137 -r1.138
--- ghostscript.spec 17 Apr 2007 10:12:30 -0000 1.137
+++ ghostscript.spec 27 Feb 2008 17:17:52 -0000 1.138
@@ -5,7 +5,7 @@
Name: ghostscript
Version: %{gs_ver}
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPL
URL: http://www.cups.org/espgs/
@@ -24,6 +24,7 @@
Patch7: ghostscript-dvipdf.patch
Patch8: ghostscript-Fontmap.local.patch
Patch9: ghostscript-exactly-enable-cidfnmap.patch
+Patch10: ghostscript-CVE-2008-0411.patch
Requires: urw-fonts >= 1.1, ghostscript-fonts
BuildRequires: libjpeg-devel, libXt-devel
@@ -105,6 +106,8 @@
# (bug #163231).
%patch9 -p1 -b .exactly-enable-cidfnmap
+%patch10 -p1 -b .CVE-2008-0411
+
# Convert manual pages to UTF-8
from8859_1() {
iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
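Review bot: The `%patch10` line has no comment, while the `%patch9` line just above it is preceded by one that ends in its bug reference. A one-line comment such as `# Fix CVE-2008-0411 (bug #431536).` above `%patch10 -p1 -b .CVE-2008-0411` would keep the prep section consistent and let someone reading the spec see why the patch is carried without opening the changelog.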
@@ -273,6 +276,9 @@
%{_libdir}/libgs.so
%changelog
+* Wed Feb 27 2008 Tim Waugh <twaugh at redhat.com> 8.15.4-4
+- Applied patch to fix CVE-2008-0411 (bug #431536).
+
* Tue Apr 17 2007 Tim Waugh <twaugh at redhat.com> 8.15.4-3
- Apply fonts in CIDFnmap even if the same fontnames are already registered
(bug #163231).
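Review bot: The new changelog entry identifies the fix only by CVE and bug number. Since the patch touches a single function, naming it (the range check added to `zseticcspace` in `src/zicc.c`) would let someone reading the package changelog judge exposure without looking up the CVE.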