Hello community, here is the log from the commit of package cups checked in at Thu Aug 9 18:27:18 CEST 2007. -------- --- cups/cups.changes 2007-07-30 15:43:33.000000000 +0200 +++ /mounts/work_src_done/STABLE/cups/cups.changes 2007-08-06 17:47:05.100230000 +0200 @@ -1,0 +2,5 @@ +Mon Aug 6 17:46:56 CEST 2007 - kssingvo@suse.de + +- fix for xpdf bugzilla#291690, CVE-2007-3387, swamp-11865 + +------------------------------------------------------------------- New: ---- cups-1.2.7-xpdf_CVE_2007_3387.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups.spec ++++++ --- /var/tmp/diff_new_pack.J29615/_old 2007-08-09 18:26:23.000000000 +0200 +++ /var/tmp/diff_new_pack.J29615/_new 2007-08-09 18:26:23.000000000 +0200 @@ -17,7 +17,7 @@ Group: Hardware/Printing Summary: The Common UNIX Printing System Version: 1.2.12 -Release: 3 +Release: 6 Requires: cups-libs = %{version}, cups-client = %{version} Requires: ghostscript_any, ghostscript-fonts-std, foomatic-filters Requires: util-linux @@ -52,6 +52,7 @@ Patch15: cups-1.2.11-testppd_filename.patch Patch16: cups-1.2.5-desktop_file.patch Patch17: cups-1.2.6-lppasswd_permission.patch +Patch18: cups-1.2.7-xpdf_CVE_2007_3387.patch Patch100: cups-1.1.23-testpage.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %suse_version >= 801 @@ -144,6 +145,7 @@ %patch15 -p1 %patch16 -p1 %patch17 -p1 +%patch18 -p1 if [ -f /.buildenv ]; then . /.buildenv else @@ -381,6 +383,8 @@ %{_datadir}/locale/*/cups_* %changelog +* Mon Aug 06 2007 - kssingvo@suse.de +- fix for xpdf bugzilla#291690, CVE-2007-3387, swamp-11865 * Mon Jul 30 2007 - kssingvo@suse.de - upgrade to cups-1.2.12: * The PHP cups_print_file() function crashed if the options array ++++++ cups-1.2.7-xpdf_CVE_2007_3387.patch ++++++ --- cups-1.2.7/pdftops/Stream.cxx.orig 2006-02-13 04:08:11.000000000 +0100 +++ cups-1.2.7/pdftops/Stream.cxx 2007-08-06 16:45:54.000000000 +0200 @@ -412,9 +412,9 @@ nVals = width * nComps; if (width <= 0 || nComps <= 0 || nBits <= 0 || - nComps >= INT_MAX / nBits || - width >= INT_MAX / nComps / nBits || - nVals * nBits + 7 < 0) { + nComps >= 4 || nBits > 16 || + width >= INT_MAX / nComps || + nVals >= (INT_MAX - 7) / nBits) { return; } pixBytes = (nComps * nBits + 7) >> 3; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org