Hello community, here is the log from the commit of package jasper for openSUSE:12.1:Update:Test checked in at 2011-12-14 17:36:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/jasper (Old) and /work/SRC/openSUSE:12.1:Update:Test/.jasper.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "jasper", Maintainer is "nadvornik@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/jasper/jasper.changes 2011-12-14 17:36:50.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.jasper.new/jasper.changes 2011-12-14 17:36:51.000000000 +0100 @@ -1,0 +2,7 @@ +Wed Dec 14 10:43:36 UTC 2011 - mkubecek@suse.cz + +- jasper-1.900.1-bnc725758.patch: + Two security bugs allowing buffer overflow to be caused by + incorrect image data (bnc#725758, CVE-2011-4516 and CVE-2011-4517) + +------------------------------------------------------------------- New: ---- jasper-1.900.1-bnc725758.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.6tc3Az/_old 2011-12-14 17:36:51.000000000 +0100 +++ /var/tmp/diff_new_pack.6tc3Az/_new 2011-12-14 17:36:51.000000000 +0100 @@ -32,6 +32,7 @@ Patch: %{name}-%{version}-uninitialized.patch Patch2: %{name}-%{version}-bug258253.patch Patch3: %{name}-%{version}-bug392410.patch +Patch4: %{name}-1.900.1-bnc725758.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -77,6 +78,7 @@ %patch %patch2 %patch3 +%patch4 %build %{suse_update_config} ++++++ jasper-1.900.1-bnc725758.patch ++++++ diff -up src/libjasper/jpc/jpc_cs.c.orig-725758 src/libjasper/jpc/jpc_cs.c --- src/libjasper/jpc/jpc_cs.c.orig-725758 2011-12-12 18:36:53.772117206 +0100 +++ src/libjasper/jpc/jpc_cs.c 2011-12-12 18:36:12.805999375 +0100 @@ -744,6 +744,12 @@ static int jpc_cox_getcompparms(jpc_ms_t return -1; } compparms->numrlvls = compparms->numdlvls + 1; + if (compparms->numrlvls > JPC_MAXRLVLS) { + compparms->numrlvls = 0; + jpc_cox_destroycompparms(compparms); + return -1; + } + if (prtflag) { for (i = 0; i < compparms->numrlvls; ++i) { if (jpc_getuint8(in, &tmp)) { @@ -1331,7 +1337,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms jpc_crgcomp_t *comp; uint_fast16_t compno; crg->numcomps = cstate->numcomps; - if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) { + if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) { return -1; } for (compno = 0, comp = crg->comps; compno < cstate->numcomps; -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org