Hello community, here is the log from the commit of package evince checked in at Thu Dec 7 19:55:14 CET 2006. -------- --- GNOME/evince/evince.changes 2006-11-13 19:15:48.000000000 +0100 +++ /mounts/work_src_done/STABLE/evince/evince.changes 2006-12-07 13:00:35.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Dec 7 13:00:35 CET 2006 - sbrabec@suse.cz + +- Fixed buffer overflow in DSC parsing (#225201, CVE-2006-5864). + +------------------------------------------------------------------- New: ---- evince-CVE-2006-5864.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ evince.spec ++++++ --- /var/tmp/diff_new_pack.8acoYM/_old 2006-12-07 19:54:25.000000000 +0100 +++ /var/tmp/diff_new_pack.8acoYM/_new 2006-12-07 19:54:25.000000000 +0100 @@ -13,13 +13,14 @@ Name: evince BuildRequires: ghostscript-fonts-std ghostscript-x11 gnome-doc-utils-devel gnome-icon-theme gnutls-devel libglade2-devel libgnomeprintui-devel libgnomeui-devel libtiff-devel libwnck-devel mDNSResponder-devel perl-XML-Parser poppler-devel poppler-glib scrollkeeper update-desktop-files Version: 0.6.1 -Release: 16 +Release: 22 URL: http://www.gnome.org/projects/evince/ Group: System/GUI/GNOME -License: GNU General Public License (GPL) - all versions +License: GNU General Public License (GPL) Summary: GNOME Document Viewer Source: ftp://ftp.gnome.org/pub/GNOME/sources/%{name}/0.4/%{name}-%{version}.tar.bz2 Patch: evince-desktop.patch +Patch1: evince-CVE-2006-5864.patch Autoreqprov: on Requires: gnome-icon-theme BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -42,6 +43,7 @@ %prep %setup %patch +%patch1 %build export CFLAGS="$RPM_OPT_FLAGS" @@ -84,6 +86,8 @@ #/opt/gnome/share/locale/*/LC_MESSAGES/Evince.mo %changelog -n evince +* Thu Dec 07 2006 - sbrabec@suse.cz +- Fixed buffer overflow in DSC parsing (#225201, CVE-2006-5864). * Mon Nov 13 2006 - jhargadon@suse.de - re-enabling evince-desktop.patch to resolve bug #220232 * Tue Oct 17 2006 - jhargadon@suse.de ++++++ evince-CVE-2006-5864.patch ++++++ --- ps/ps.c +++ ps/ps.c @@ -1232,6 +1232,8 @@ quoted = 1; line++; while(*line && !(*line == ')' && level == 0)) { + if (cp - text >= PSLINELENGTH - 2) + return NULL; if(*line == '\') { if(*(line + 1) == 'n') { *cp++ = '\n'; @@ -1302,8 +1304,11 @@ } } else { - while(*line && !(*line == ' ' || *line == '\t' || *line == '\n')) + while(*line && !(*line == ' ' || *line == '\t' || *line == '\n')) { + if (cp - text >= PSLINELENGTH - 2) + return NULL; *cp++ = *line++; + } } *cp = '\0'; if(next_char) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org