Gentoo Archives: gentoo-commits

From: "Mike Frysinger (vapier)" <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in media-libs/imlib2/files: imlib2-1.4.0-CVE-2008-2426.patch
Date: Sat, 31 May 2008 05:47:19
Message-Id: E1K2Jvt-0004qE-Bz@stork.gentoo.org
1 vapier 08/05/31 05:47:13
2
3 Added: imlib2-1.4.0-CVE-2008-2426.patch
4 Log:
5 Add fixes from upstream for CVE-2008-2426 #223965.
6 (Portage version: 2.2_pre5.spank.spunk)
7
8 Revision Changes Path
9 1.1 media-libs/imlib2/files/imlib2-1.4.0-CVE-2008-2426.patch
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/imlib2/files/imlib2-1.4.0-CVE-2008-2426.patch?rev=1.1&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/imlib2/files/imlib2-1.4.0-CVE-2008-2426.patch?rev=1.1&content-type=text/plain
13
14 Index: imlib2-1.4.0-CVE-2008-2426.patch
15 ===================================================================
16 fix from upstream for security issue
17 http://bugs.gentoo.org/223965
18
19 ----------------------------
20 revision 1.9
21 date: 2008/05/27 14:35:17; author: raster; state: Exp; lines: +1 -1
22
23 2 possible security vulns fixed. should probably release new version with
24 these.
25
26 Index: imlib2/src/modules/loaders/loader_xpm.c
27 ===================================================================
28 RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_xpm.c,v
29 retrieving revision 1.8
30 retrieving revision 1.9
31 diff -u -p -r1.8 -r1.9
32 --- imlib2/src/modules/loaders/loader_xpm.c 25 Aug 2007 02:07:08 -0000 1.8
33 +++ imlib2/src/modules/loaders/loader_xpm.c 27 May 2008 14:35:17 -0000 1.9
34 @@ -286,7 +286,7 @@ load(ImlibImage * im, ImlibProgressFunct
35 if (line[k] != ' ')
36 {
37 s[0] = 0;
38 - sscanf(&line[k], "%65535s", s);
39 + sscanf(&line[k], "%255s", s);
40 slen = strlen(s);
41 k += slen;
42 if (!strcmp(s, "c"))
43
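Review bot: the new width in `sscanf(&line[k], "%255s", s);` is a bare constant whose safety depends on the declaration of `s`, which is outside this hunk. `%255s` stores up to 255 characters plus the terminating NUL, so `s` must be at least 256 bytes; a comment at this line, or one shared macro used for both the array size and the width, would keep the two from drifting apart. A token longer than 255 characters is also now split rather than rejected: `slen` becomes 255 and `k += slen` leaves `k` pointing into the middle of the token, so whatever scans from `line[k]` next sees the tail as a separate token. Consider failing the load on an overlong token instead.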
44 ----------------------------
45 revision 1.5
46 date: 2008/05/27 14:35:17; author: raster; state: Exp; lines: +1 -1
47
48 2 possible security vulns fixed. should probably release new version with
49 these.
50
51 Index: imlib2/src/modules/loaders/loader_pnm.c
52 ===================================================================
53 RCS file: /cvs/e/e17/libs/imlib2/src/modules/loaders/loader_pnm.c,v
54 retrieving revision 1.4
55 retrieving revision 1.5
56 diff -u -p -r1.4 -r1.5
57 --- imlib2/src/modules/loaders/loader_pnm.c 9 Apr 2007 12:55:29 -0000 1.4
58 +++ imlib2/src/modules/loaders/loader_pnm.c 27 May 2008 14:35:17 -0000 1.5
59 @@ -68,7 +68,7 @@ load(ImlibImage * im, ImlibProgressFunct
60 int i = 0;
61
62 /* read numbers */
63 - while (c != EOF && !isspace(c))
64 + while (c != EOF && !isspace(c) && (i < 255))
65 {
66 buf[i++] = c;
67 c = fgetc(f);
68
69
70
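Review bot: the added `(i < 255)` in the `while` condition hardcodes the limit instead of deriving it from `buf`, whose declaration is not in this hunk. If `buf` is an array in scope, `i < sizeof(buf) - 1` would keep the bound tied to the buffer and leave room for a terminator. When the loop exits because `i` reached 255, `c` still holds a non-space character that was never stored, so the rest of an overlong number stays in the stream to be read as the next value; treating that case as a malformed header and aborting the load would be safer than silently truncating.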
71 --
72 gentoo-commits@l.g.o mailing list