rpms/imlib2/EL-4 imlib2-1.2.1-CVE-2008-2426.patch, NONE, 1.1 imlib2.spec, 1.12, 1.13

Tomas Smetana (tsmetana) fedora-extras-commits at redhat.com
Mon Jun 2 06:56:06 UTC 2008 

Author: tsmetana

Update of /cvs/pkgs/rpms/imlib2/EL-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8118

Modified Files:
	imlib2.spec 
Added Files:
	imlib2-1.2.1-CVE-2008-2426.patch 
Log Message:
* Mon Jun 02 2008 Tomas Smetana <tsmetana at redhat.com> 1.2.1-4
- fix for CVE-2008-2426


imlib2-1.2.1-CVE-2008-2426.patch:

--- NEW FILE imlib2-1.2.1-CVE-2008-2426.patch ---
diff -up imlib2-1.2.1/src/modules/loaders/loader_xpm.c.CVE-2008-2426 imlib2-1.2.1/src/modules/loaders/loader_xpm.c
--- imlib2-1.2.1/src/modules/loaders/loader_xpm.c.CVE-2008-2426	2008-06-02 08:48:26.000000000 +0200
+++ imlib2-1.2.1/src/modules/loaders/loader_xpm.c	2008-06-02 08:50:07.000000000 +0200
@@ -272,7 +272,7 @@ load(ImlibImage * im, ImlibProgressFunct
                                  if (line[k] != ' ')
                                    {
                                       s[0] = 0;
-                                      sscanf(&line[k], "%65535s", s);
+                                      sscanf(&line[k], "%255s", s);
                                       slen = strlen(s);
                                       k += slen;
                                       if (!strcmp(s, "c"))


Index: imlib2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/imlib2/EL-4/imlib2.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- imlib2.spec	8 Apr 2008 08:00:28 -0000	1.12
+++ imlib2.spec	2 Jun 2008 06:54:59 -0000	1.13
@@ -1,12 +1,13 @@
 Summary:	Image loading, saving, rendering, and manipulation library
 Name:		imlib2
 Version:	1.2.1
-Release:	3%{?dist}
+Release:	4%{?dist}
 License:	BSD
 Group:		System Environment/Libraries
 URL:		http://www.enlightenment.org/Libraries/Imlib2/
 Source0:	http://download.sf.net/enlightenment/%{name}-%{version}.tar.gz
 Patch0:		imlib2-1.3.0-loader_overflows.patch
+Patch1:		imlib2-1.2.1-CVE-2008-2426.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires:	XFree86-devel libjpeg-devel libpng-devel libtiff-devel
 BuildRequires:	libungif-devel freetype-devel libtool bzip2-devel %{__perl}
@@ -42,6 +43,7 @@
 %prep
 %setup -q
 %patch0 -p1 -b .overflow
+%patch1 -p1 -b .CVE-2008-2426
 
 
 %build
@@ -117,6 +119,9 @@
 
 
 %changelog
+* Mon Jun 02 2008 Tomas Smetana <tsmetana at redhat.com> 1.2.1-4
+- fix for CVE-2008-2426
+
 * Tue Apr 08 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> 1.2.1-3
 - disable amd64 optimization (#441317)

More information about the fedora-extras-commits mailing list