rpms/DevIL/F-11 DevIL-1.7.8-CVE-2009-3994.patch, NONE, 1.1 DevIL.spec, 1.14, 1.15 sources, 1.6, 1.7

Hans de Goede jwrdegoede at fedoraproject.org
Fri Dec 4 12:10:24 UTC 2009


Author: jwrdegoede

Update of /cvs/extras/rpms/DevIL/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11255

Modified Files:
	DevIL.spec sources 
Added Files:
	DevIL-1.7.8-CVE-2009-3994.patch 
Log Message:
* Fri Dec  4 2009 Hans de Goede <hdegoede at redhat.com> 1.7.8-4
- Fix DICOM Processing Buffer Overflow Vulnerability CVE-2009-3994 (#542700)


DevIL-1.7.8-CVE-2009-3994.patch:
 il_dicom.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- NEW FILE DevIL-1.7.8-CVE-2009-3994.patch ---
diff -up devil-1.7.8/src-IL/src/il_dicom.c~ devil-1.7.8/src-IL/src/il_dicom.c
--- devil-1.7.8/src-IL/src/il_dicom.c~	2009-03-08 08:10:09.000000000 +0100
+++ devil-1.7.8/src-IL/src/il_dicom.c	2009-12-03 12:07:45.000000000 +0100
@@ -427,9 +427,11 @@ ILboolean GetUID(ILubyte *UID)
 		return IL_FALSE;
 
 	ValLen = GetLittleUShort();
+	if (ValLen > 64)
+		return IL_FALSE;
 	if (iread(UID, ValLen, 1) != 1)
 		return IL_FALSE;
-	UID[64] = 0;  // Just to make sure that our string is terminated.
+	UID[ValLen] = 0;  // Just to make sure that our string is terminated.
 
 	return IL_TRUE;
 }
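Review bot: the new bound `ValLen > 64` followed by `UID[ValLen] = 0` still writes index 64 when ValLen is exactly 64, so the fix is only sound if the buffer passed as `ILubyte *UID` holds at least 65 bytes; the hunk does not show that declaration (the old unconditional `UID[64] = 0` implies it), so confirm the size at every caller and consider replacing the literal 64 with a named constant shared with the buffer definition, so the bound check and the allocation cannot drift apart in a later edit. The check itself is the right shape: it rejects the length before `iread` uses it, rather than truncating after the read.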


Index: DevIL.spec
===================================================================
RCS file: /cvs/extras/rpms/DevIL/F-11/DevIL.spec,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -p -r1.14 -r1.15
--- DevIL.spec	9 Mar 2009 09:25:04 -0000	1.14
+++ DevIL.spec	4 Dec 2009 12:10:24 -0000	1.15
@@ -1,6 +1,6 @@
 Name:           DevIL
 Version:        1.7.8
-Release:        1%{?dist}
+Release:        4%{?dist}
 Summary:        A cross-platform image library
 Group:          System Environment/Libraries
 License:        LGPLv2
@@ -8,6 +8,7 @@ URL:            http://openil.sourceforg
 Source0:        http://downloads.sourceforge.net/openil/%{name}-%{version}.tar.gz
 Patch0:         DevIL-1.7.5-allegropicfix.patch
 Patch1:         DevIL-1.7.5-il_endian_h.patch
+Patch2:         DevIL-1.7.8-CVE-2009-3994.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  allegro-devel
 BuildRequires:  lcms-devel
@@ -65,6 +66,7 @@ Development files for the libILUT compon
 %setup -q -n devil-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 iconv -f iso8859-1 CREDITS -t utf8 > CREDITS.conv
 touch -r CREDITS CREDITS.conv
 mv CREDITS.conv CREDITS
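Review bot: `%patch2 -p1` is consistent with the patch header, whose paths start with `devil-1.7.8/`, so stripping one component leaves `src-IL/src/il_dicom.c` relative to the `%setup -q -n devil-%{version}` tree; one small style point is that the `---` side of that header names an editor backup, `il_dicom.c~`, so regenerating the diff against a `.orig` copy would make the header read cleanly before the patch is sent upstream.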
@@ -138,6 +140,15 @@ fi
 
 
 %changelog
+* Fri Dec  4 2009 Hans de Goede <hdegoede at redhat.com> 1.7.8-4
+- Fix DICOM Processing Buffer Overflow Vulnerability CVE-2009-3994 (#542700)
+
+* Fri Aug 21 2009 Hans de Goede <hdegoede at redhat.com> 1.7.8-3
+- Switch Source0 to respun upstream tarbal (added a missing header)
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
 * Mon Mar  9 2009 Hans de Goede <hdegoede at redhat.com> 1.7.8-1
 - Update to latest upstream: 1.7.8
 
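Review bot: the 1.7.8-3 entry has a typo, `tarbal` should be `tarball`; since the entry is being added in this commit it can be corrected before it lands. Otherwise the block back-fills the -2 and -3 entries for this branch and the dated -4 entry matches the Log Message and the Release bump above.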


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/DevIL/F-11/sources,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -r1.6 -r1.7
--- sources	9 Mar 2009 09:25:04 -0000	1.6
+++ sources	4 Dec 2009 12:10:24 -0000	1.7
@@ -1 +1 @@
-963ab2ef991b5921b2a981502fe43e74  DevIL-1.7.8.tar.gz
+7918f215524589435e5ec2e8736d5e1d  DevIL-1.7.8.tar.gz
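Review bot: the md5 changes while the file name `DevIL-1.7.8.tar.gz` stays the same, which the 1.7.8-3 changelog entry (respun upstream tarball) accounts for; because nothing in the name distinguishes the two archives, verify that the respun tarball is the one present in the lookaside cache, and consider noting the origin of the respin in a spec comment so the mismatch against the original upstream checksum is not later mistaken for tampering.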



