Hello community,
here is the log from the commit of package libmikmod for openSUSE:Factory
checked in at Fri Jan 23 23:46:06 CET 2009.
--------
--- libmikmod/libmikmod.changes 2009-01-09 13:38:15.000000000 +0100
+++ /mounts/work_src_done/STABLE/libmikmod/libmikmod.changes 2009-01-23 16:45:53.000000000 +0100
@@ -1,0 +2,5 @@
+Fri Jan 23 16:44:16 CET 2009 - prusnak@suse.cz
+
+- fixed DoS CVE-2007-6720 [bnc#468760]
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
libmikmod-CVE-2007-6720.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libmikmod.spec ++++++
--- /var/tmp/diff_new_pack.o24498/_old 2009-01-23 23:44:26.000000000 +0100
+++ /var/tmp/diff_new_pack.o24498/_new 2009-01-23 23:44:26.000000000 +0100
@@ -25,7 +25,7 @@
Group: System/Libraries
Summary: MikMod Sound Library
Version: 3.1.11a
-Release: 113
+Release: 114
%define _version 3.1.11
# bug437293
%ifarch ppc64
@@ -38,6 +38,7 @@
Source2: libmikmod-rpmlintrc
Patch3: libmikmod-config-fix.dif
Patch4: libmikmod-conftest_fix.diff
+Patch5: libmikmod-CVE-2007-6720.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
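Review bot: The new `Patch5:` line has no comment saying what the patch fixes, so the CVE and bug reference live only in the changelog. The spec already annotates items with bug references earlier in the file (`# bug437293`), so a line such as `# CVE-2007-6720 (DoS, loaders/load_xm.c), bnc#468760` directly above `Patch5:` would keep the security fix traceable when the patch is later rebased or dropped. If the fix has been submitted upstream, that status belongs in the same comment; the page does not say whether it has.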
@@ -79,6 +80,7 @@
%patch1
%patch3
%patch4
+%patch5
%build
autoreconf -f -i
@@ -119,6 +121,8 @@
%doc %{_mandir}/man1/*-config.*
%changelog
+* Fri Jan 23 2009 prusnak@suse.cz
+- fixed DoS CVE-2007-6720 [bnc#468760]
* Fri Jan 09 2009 crrodriguez@suse.de
- remove static libraries and "la" files
* Wed Jan 07 2009 olh@suse.de
++++++ libmikmod-CVE-2007-6720.diff ++++++
--- loaders/load_xm.c
+++ loaders/load_xm.c
@@ -622,7 +622,8 @@
/* read the remainder of the header */
for(u=headend-_mm_ftell(modreader);u;u--) _mm_read_UBYTE(modreader);
- if(_mm_eof(modreader)) {
+ /* last instrument is at the end of file in version 0x0104 */
+ if(_mm_eof(modreader) && (mh->version<0x0104 || t