authorTreeve Jelbert2007-08-01 17:13:28 +0200
committerEric Sandall2007-08-01 09:55:35 -0700
commit126027057124716318e895fd99a68377bdaf04db (patch)
treee87b3c28b7f4e754c5857a16861b04c9f42efde2
parent40febe8d0f913a5812c2a8dc844724b8a1009bc8 (diff)
kdegraphics - fix CVE-2007-3387
(cherry picked from commit a9a185d01a2c6958f97be4c8cf0f85f2600dac7d)
-rwxr-xr-xkde-core/kdegraphics/DETAILS2
-rw-r--r--kde-core/kdegraphics/HISTORY7
-rwxr-xr-xkde-core/kdegraphics/PRE_BUILD3
-rw-r--r--kde-core/kdegraphics/post-3.5.7-kdegraphics-CVE-2007-3387.diff17
4 files changed, 28 insertions, 1 deletions
diff --git a/kde-core/kdegraphics/DETAILS b/kde-core/kdegraphics/DETAILS
index 585d72039d..a558d2fb04 100755
--- a/kde-core/kdegraphics/DETAILS
+++ b/kde-core/kdegraphics/DETAILS
@@ -8,7 +8,7 @@ SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
SOURCE_URL[0]=$KDE_URL/stable/${VERSION//.0/}/src/$SOURCE
WEB_SITE=http://www.kde.org
ENTERED=20010922
- SECURITY_PATCH=2
+ SECURITY_PATCH=3
LICENSE[0]=GPL
KEYWORDS="kde"
SHORT="Graphics related programs for KDE."
diff --git a/kde-core/kdegraphics/HISTORY b/kde-core/kdegraphics/HISTORY
index 223643237a..c8971d1d23 100644
--- a/kde-core/kdegraphics/HISTORY
+++ b/kde-core/kdegraphics/HISTORY
@@ -1,3 +1,10 @@
+2007-08-01 Treeve Jelbert <treeve@sourcemage.org>
+ * DETAILS: SECURITY_PATCH++
+ * PRE_BUILD, post-3.5.7-kdegraphics-CVE-2007-3387.diff
+ see
+ http://www.kde.org/info/security/advisory-20070730-1.txt
+ fixes bug #13916
+
2007-05-23 Jaka Kranjc <lynxlynxlynx@sourcemage.org>
* DETAILS: updated spell to 3.5.7
diff --git a/kde-core/kdegraphics/PRE_BUILD b/kde-core/kdegraphics/PRE_BUILD
new file mode 100755
index 0000000000..336c5ffd00
--- /dev/null
+++ b/kde-core/kdegraphics/PRE_BUILD
@@ -0,0 +1,3 @@
+default_pre_build &&
+cd $SOURCE_DIRECTORY &&
+patch -p0 < $SPELL_DIRECTORY/post-3.5.7-kdegraphics-CVE-2007-3387.diff
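Review bot: The two path variables in the new PRE_BUILD are expanded unquoted, so a build or grimoire directory containing whitespace or glob characters would make `cd` or the redirection target the wrong path, and the security patch would not be applied to the intended tree. I would write `cd "$SOURCE_DIRECTORY" &&` and `patch -p0 < "$SPELL_DIRECTORY/post-3.5.7-kdegraphics-CVE-2007-3387.diff"`. The `&&` chain is worth keeping as is, because it makes the build stop when the patch fails to apply instead of producing an unpatched package.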
diff --git a/kde-core/kdegraphics/post-3.5.7-kdegraphics-CVE-2007-3387.diff b/kde-core/kdegraphics/post-3.5.7-kdegraphics-CVE-2007-3387.diff
new file mode 100644
index 0000000000..e28add87e2
--- /dev/null
+++ b/kde-core/kdegraphics/post-3.5.7-kdegraphics-CVE-2007-3387.diff
@@ -0,0 +1,17 @@
+Index: kpdf/xpdf/xpdf/Stream.cc
+===================================================================
+--- kpdf/xpdf/xpdf/Stream.cc (revision 689574)
++++ kpdf/xpdf/xpdf/Stream.cc (working copy)
+@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream
+
+ nVals = width * nComps;
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+- nComps >= INT_MAX / nBits ||
+- width >= INT_MAX / nComps / nBits ||
+- nVals * nBits + 7 < 0) {
++ nComps > gfxColorMaxComps || nBits > 16 ||
++ width >= INT_MAX / nComps ||
++ nVals >= (INT_MAX - 7) / nBits) {
+ return;
+ }
+ pixBytes = (nComps * nBits + 7) >> 3;
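Review bot: `nVals = width * nComps;` is still evaluated above the guard, so for a large `width` taken from the stream parameters the signed multiplication can overflow (undefined behaviour in C++) before `width >= INT_MAX / nComps` is tested. The product is only discarded afterwards, and an optimising compiler may assume the overflow never happens. I would keep the range tests on `width`, `nComps` and `nBits` in a first `if`, move `nVals = width * nComps;` below it, and then test `if (nVals >= (INT_MAX - 7) / nBits) return;` on its own. A short comment such as `// nVals * nBits + 7 must fit in an int (rowBytes)` on that last test would record why the bound is `INT_MAX - 7`. The constructor starts and ends outside this hunk, so how the early `return` reports failure to the caller is not visible here and should be confirmed.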