commit optipng for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package optipng for openSUSE:Factory checked in at 2017-11-27 22:18:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/optipng (Old) and /work/SRC/openSUSE:Factory/.optipng.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "optipng" Mon Nov 27 22:18:21 2017 rev:35 rq:545849 version:0.7.6 Changes: -------- --- /work/SRC/openSUSE:Factory/optipng/optipng.changes 2017-11-20 17:07:28.949252300 +0100 +++ /work/SRC/openSUSE:Factory/.optipng.new/optipng.changes 2017-11-27 22:18:31.458388237 +0100 @@ -1,0 +2,7 @@ +Mon Nov 27 08:19:44 UTC 2017 - pgajdos@suse.com + +- security update: + * CVE-2017-16938 [bsc#1069774] + + optipng-CVE-2017-16938.patch + +------------------------------------------------------------------- New: ---- optipng-CVE-2017-16938.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ optipng.spec ++++++ --- /var/tmp/diff_new_pack.uXgLU7/_old 2017-11-27 22:18:32.290358041 +0100 +++ /var/tmp/diff_new_pack.uXgLU7/_new 2017-11-27 22:18:32.290358041 +0100 @@ -26,6 +26,7 @@ Source0: http://downloads.sourceforge.net/project/optipng/OptiPNG/optipng-%{version}/optipng-%{version}.tar.gz Source1: macros.optipng Patch0: optipng-CVE-2017-1000229.patch +Patch1: optipng-CVE-2017-16938.patch BuildRequires: libpng-devel BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -39,6 +40,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build # not autotools generated configure ++++++ optipng-CVE-2017-16938.patch ++++++ --- a/src/gifread/gifread.c +++ b/src/gifread/gifread.c @@ -499,6 +499,8 @@ static int LZWReadByte(int init_flag, int input_code_size, FILE *stream) *sp++ = table[1][code]; if (code == table[0][code]) GIFError("GIF/LZW error: circular table entry"); + if ((size_t)(sp - stack) >= sizeof(stack) / sizeof(stack[0])) + GIFError("GIF/LZW error: circular table"); code = table[0][code]; }
participants (1)
-
root@hilbert.suse.de