rpms/imlib2/EL-5 imlib2-1.4.0-CVE-2008-2426.patch, NONE, 1.1 imlib2.spec, 1.24, 1.25
Tomas Smetana (tsmetana)
fedora-extras-commits at redhat.com
Mon Jun 2 07:04:39 UTC 2008
- Previous message (by thread): rpms/imlib2/EL-4 imlib2-1.2.1-CVE-2008-2426.patch, NONE, 1.1 imlib2.spec, 1.12, 1.13
- Next message (by thread): rpms/gnome-commander/devel .cvsignore, 1.4, 1.5 gnome-commander.spec, 1.15, 1.16 sources, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tsmetana
Update of /cvs/pkgs/rpms/imlib2/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14731
Modified Files:
imlib2.spec
Added Files:
imlib2-1.4.0-CVE-2008-2426.patch
Log Message:
* Mon Jun 02 2008 Tomas Smetana <tsmetana at redhat.com> 1.3.0-5
- fix for CVE-2008-2426
imlib2-1.4.0-CVE-2008-2426.patch:
--- NEW FILE imlib2-1.4.0-CVE-2008-2426.patch ---
diff -up imlib2-1.4.0/src/modules/loaders/loader_xpm.c.CVE-2008-2426 imlib2-1.4.0/src/modules/loaders/loader_xpm.c
--- imlib2-1.4.0/src/modules/loaders/loader_xpm.c.CVE-2008-2426 2008-05-30 11:54:06.000000000 +0200
+++ imlib2-1.4.0/src/modules/loaders/loader_xpm.c 2008-05-30 11:54:40.000000000 +0200
@@ -284,7 +284,7 @@ load(ImlibImage * im, ImlibProgressFunct
if (line[k] != ' ')
{
s[0] = 0;
- sscanf(&line[k], "%65535s", s);
+ sscanf(&line[k], "%255s", s);
slen = strlen(s);
k += slen;
if (!strcmp(s, "c"))
Index: imlib2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/imlib2/EL-5/imlib2.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- imlib2.spec 8 Apr 2008 08:00:46 -0000 1.24
+++ imlib2.spec 2 Jun 2008 07:02:43 -0000 1.25
@@ -1,7 +1,7 @@
Summary: Image loading, saving, rendering, and manipulation library
Name: imlib2
Version: 1.3.0
-Release: 4%{?dist}
+Release: 5%{?dist}
License: BSD
Group: System Environment/Libraries
URL: http://www.enlightenment.org/Libraries/Imlib2/
@@ -9,6 +9,7 @@
Patch0: imlib2-1.2.1-X11-path.patch
Patch1: imlib2-1.3.0-multilib.patch
Patch2: imlib2-1.3.0-loader_overflows.patch
+Patch3: imlib2-1.4.0-CVE-2008-2426.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: libjpeg-devel libpng-devel libtiff-devel
BuildRequires: giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel
@@ -47,6 +48,7 @@
%patch0 -p1 -b .x11-path
%patch1 -p1 -b .multilib
%patch2 -p1 -b .overflow
+%patch3 -p1 -b .CVE-2008-2426
# sigh stop autoxxx from rerunning because of our patches above.
touch aclocal.m4
touch configure
@@ -113,6 +115,9 @@
%changelog
+* Mon Jun 02 2008 Tomas Smetana <tsmetana at redhat.com> 1.3.0-5
+- fix for CVE-2008-2426
+
* Tue Apr 08 2008 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> 1.3.0-4
- disable amd64 optimization (#441317)
- Previous message (by thread): rpms/imlib2/EL-4 imlib2-1.2.1-CVE-2008-2426.patch, NONE, 1.1 imlib2.spec, 1.12, 1.13
- Next message (by thread): rpms/gnome-commander/devel .cvsignore, 1.4, 1.5 gnome-commander.spec, 1.15, 1.16 sources, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list