From: | "Peter Volkov (pva)" <pva@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo-x86 commit in app-text/ghostscript-gnu/files: ghostscript-8.60-CVE-2008-0411.diff |
Date: | Fri, 29 Feb 2008 12:02:44 |
Message-Id: | E1JV3wn-0003aj-61@stork.gentoo.org |
1 | pva 08/02/29 12:02:41 |
2 | |
3 | Added: ghostscript-8.60-CVE-2008-0411.diff |
4 | Log: |
5 | Fixed security issue (CVE-2008-0411), bug #208999, thank Robert Buchholz for report and coordination. |
6 | (Portage version: 2.1.4.4, RepoMan options: --force) |
7 | |
8 | Revision Changes Path |
9 | 1.1 app-text/ghostscript-gnu/files/ghostscript-8.60-CVE-2008-0411.diff |
10 | |
11 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gnu/files/ghostscript-8.60-CVE-2008-0411.diff?rev=1.1&view=markup |
12 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-text/ghostscript-gnu/files/ghostscript-8.60-CVE-2008-0411.diff?rev=1.1&content-type=text/plain |
13 | |
14 | Index: ghostscript-8.60-CVE-2008-0411.diff |
15 | =================================================================== |
16 | --- src/zicc.c |
17 | +++ src/zicc.c 2008-02-05 16:11:59.000000000 +0000 |
18 | @@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p) |
19 | dict_find_string(op, "N", &pnval); |
20 | ncomps = pnval->value.intval; |
21 | |
22 | + if (2*ncomps > sizeof(range_buff)/sizeof(float)) |
23 | + return_error(e_rangecheck); |
24 | + |
25 | /* verify the DataSource entry */ |
26 | if (dict_find_string(op, "DataSource", &pstrmval) <= 0) |
27 | return_error(e_undefined); |
28 | |
29 | |
30 | |
31 | -- |
32 | gentoo-commits@l.g.o mailing list |