Hello community, here is the log from the commit of package GraphicsMagick checked in at Tue Jun 3 00:55:08 CEST 2008. -------- --- GraphicsMagick/GraphicsMagick.changes 2008-03-11 17:06:01.000000000 +0100 +++ /mounts/work_src_done/STABLE/GraphicsMagick/GraphicsMagick.changes 2008-05-23 15:51:38.000000000 +0200 @@ -1,0 +2,6 @@ +Fri May 23 15:51:33 CEST 2008 - nadvornik@suse.cz + +- fixed CVE-2008-1097 PCX buffer overflow [bnc#391366] +- fixed CVE-2008-1096 XCF Buffer overflow [bnc#391364] + +------------------------------------------------------------------- New: ---- GraphicsMagick-1.1.11-CVE-2008-1096.patch GraphicsMagick-1.1.11-CVE-2008-1097.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ GraphicsMagick.spec ++++++ --- /var/tmp/diff_new_pack.R17469/_old 2008-06-03 00:54:52.000000000 +0200 +++ /var/tmp/diff_new_pack.R17469/_new 2008-06-03 00:54:52.000000000 +0200 @@ -22,7 +22,7 @@ %define base_version 1.1.11 Summary: Viewer and Converter for Images Version: 1.1.11 -Release: 1 +Release: 26 License: X11/MIT Group: Productivity/Graphics/Convertors Source: ftp://ftp.GraphicsMagick.org/pub/%{name}/%{name}-%{version}.tar.bz2 @@ -31,6 +31,8 @@ Patch3: %{name}-%{version}-array.patch Patch4: %{name}-%{version}-perl.patch Patch10: %{name}-%{version}-include.patch +Patch11: %{name}-%{version}-CVE-2008-1096.patch +Patch12: %{name}-%{version}-CVE-2008-1097.patch Url: http://www.GraphicsMagick.org/ AutoReqProv: on BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -61,6 +63,7 @@ see the AUTHORS file %package -n libGraphicsMagick1 +License: X11/MIT Summary: Viewer and Converter for Images - runtime library Group: Productivity/Graphics/Convertors @@ -91,6 +94,7 @@ see the AUTHORS file %package -n libGraphicsMagickWand0 +License: X11/MIT Summary: Viewer and Converter for Images - runtime library Group: Productivity/Graphics/Convertors 
@@ -121,6 +125,7 @@ see the AUTHORS file %package devel +License: X11/MIT Summary: Viewer and Converter for Images - files mandatory for development Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -146,6 +151,7 @@ see the AUTHORS file %package -n perl-GraphicsMagick +License: X11/MIT Summary: Viewer and Converter for Images - perl interface Group: Development/Libraries/Perl Requires: %{name} = %{version} perl = %{perl_version} @@ -171,6 +177,7 @@ see the AUTHORS file %package -n libGraphicsMagick++1 +License: X11/MIT Summary: Viewer and Converter for Images - C++ interface Group: System/Libraries @@ -195,6 +202,7 @@ see the AUTHORS file %package -n libGraphicsMagick++-devel +License: X11/MIT Summary: Viewer and Converter for Images - C++ interface - development files Group: Development/Libraries/C and C++ Provides: GraphicsMagick-C++-devel @@ -228,6 +236,8 @@ %patch3 %patch4 %patch10 +%patch11 +%patch12 %build # do not run autoreconf @@ -358,6 +368,9 @@ %doc %{_mandir}/man1/%{name}++-config.1.gz %changelog +* Fri May 23 2008 nadvornik@suse.cz +- fixed CVE-2008-1097 PCX buffer overflow [bnc#391366] +- fixed CVE-2008-1096 XCF Buffer overflow [bnc#391364] * Tue Mar 11 2008 nadvornik@suse.cz - updated to 1.1.11: * security fixes merged upstream @@ -403,7 +416,7 @@ - fixed various crashes on malformed input, including CVE-2007-1797 and CVE-2007-1667 [#258253] - adjusted BuildRequires for libjasper-devel -* Tue Feb 27 2007 dmueller@suse.de +* Wed Feb 28 2007 dmueller@suse.de - reduce buildrequires * Thu Feb 22 2007 nadvornik@suse.cz - fixed patch for palm codec CVE-2006-5456 [#215685] ++++++ GraphicsMagick-1.1.11-CVE-2008-1096.patch ++++++ --- coders/xcf.c +++ coders/xcf.c 
@@ -302,6 +302,8 @@
 sizeof(*xcfdata));
 graydata = (unsigned char *)xcfdata; /* used by gray and indexed */
 nmemb_read_successfully = ReadBlob(image, data_length, xcfdata);
+ if (nmemb_read_successfully > (ssize_t) (tile_image->columns*tile_image->rows))
+ ThrowBinaryException(CorruptImageError,CorruptImage,image->filename);
 q=SetImagePixels(tile_image,0,0,tile_image->columns,tile_image->rows);
@@ -564,6 +566,8 @@
 /* 1.5 is probably more than we need to allow */
+ if (offset2-offset > (ExtendedSignedIntegralType) (TILE_WIDTH * TILE_WIDTH * 4* 1.5))
+ ThrowBinaryException(CorruptImageError,CorruptImage,image->filename);
 /* seek to the tile offset */
 SeekBlob(image, offset, SEEK_SET);
++++++ GraphicsMagick-1.1.11-CVE-2008-1097.patch ++++++
--- coders/pcx.c
+++ coders/pcx.c
@@ -303,6 +303,9 @@
 image->columns=(pcx_info.right-pcx_info.left)+1;
 image->rows=(pcx_info.bottom-pcx_info.top)+1;
 image->depth=pcx_info.bits_per_pixel <= 8 ? 8 : QuantumDepth;
+ if ((image->columns == 0) || (image->rows == 0) ||
+ (pcx_info.bits_per_pixel == 0))
+ ThrowReaderException(CorruptImageError,CorruptImage,image);
 image->units=PixelsPerInchResolution;
 image->x_resolution=pcx_info.horizontal_resolution;
 image->y_resolution=pcx_info.vertical_resolution;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
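Review bot: The early exit added after ReadBlob() in the first xcf.c hunk appears to leak the tile buffer. ThrowBinaryException returns from the function, and the buffer behind `xcfdata` (the truncated context line ending in `sizeof(*xcfdata));` looks like its allocation) is not released on that path. Release it before throwing, for example `{ MagickFreeMemory(xcfdata); ThrowBinaryException(CorruptImageError,CorruptImage,image->filename); }`, using whichever pointer the function frees on its normal path. The function starts and ends outside the hunk, so the allocation and the regular cleanup should be confirmed against the full source.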
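Review bot: The size check added in the second xcf.c hunk bounds `offset2-offset` only from above, so an `offset2` smaller than `offset` gives a negative difference that passes. If that difference is later used as a read or allocation length (the use is outside the hunk), it would convert to a very large unsigned value. Unless an earlier check rules this out, reject the inverted case as well and keep the limit in integer arithmetic: `if ((offset2 < offset) || (offset2-offset > (ExtendedSignedIntegralType) (TILE_WIDTH * TILE_WIDTH * 6)))`. The `4* 1.5` form computes the bound in floating point before the cast, which the integer constant avoids.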
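Review bot: The zero test in the pcx.c hunk runs after `image->columns` and `image->rows` have been computed by subtraction, so a header with `right < left` or `bottom < top` is rejected only when the result is exactly zero. Assuming the header fields are narrow integers stored into unsigned dimensions (their declarations are outside the hunk), any other inverted pair would wrap to a very large size and pass. Validate the coordinates themselves before the subtraction: `if ((pcx_info.right < pcx_info.left) || (pcx_info.bottom < pcx_info.top)) ThrowReaderException(CorruptImageError,CorruptImage,image);`. A one-line comment on the added check naming the later computation that zero values would break would also help maintainers. The reader function continues outside the hunk.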