Hello community, here is the log from the commit of package gd checked in at Thu May 31 21:29:36 CEST 2007. -------- --- gd/gd.changes 2007-05-03 17:55:44.000000000 +0200 +++ /mounts/work_src_done/STABLE/gd/gd.changes 2007-05-29 17:20:41.000000000 +0200 @@ -1,0 +2,6 @@ +Tue May 29 17:16:32 CEST 2007 - nadvornik@suse.cz + +- fixed infinite loop on truncated png images + CVE-2007-2756 [#276525] + +------------------------------------------------------------------- New: ---- gd-png-loop-CVE-2007-2756.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gd.spec ++++++ --- /var/tmp/diff_new_pack.Z12863/_old 2007-05-31 21:29:30.000000000 +0200 +++ /var/tmp/diff_new_pack.Z12863/_new 2007-05-31 21:29:30.000000000 +0200 @@ -17,7 +17,7 @@ Obsoletes: gdlib Autoreqprov: on Version: 2.0.34 -Release: 11 +Release: 21 URL: http://www.boutell.com/gd/ Summary: A Drawing Library for Programs That Use PNG and JPEG Output Source: gd-%{version}.tar.bz2 @@ -27,6 +27,7 @@ Patch3: gd-aliasing.patch Patch4: gd-security.patch Patch6: gd-fontpath.patch +Patch7: gd-png-loop-CVE-2007-2756.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -68,6 +69,7 @@ %patch3 %patch4 %patch6 +%patch7 %build %{suse_update_config -f} @@ -136,6 +138,9 @@ %{_libdir}/*.la %changelog +* Tue May 29 2007 - nadvornik@suse.cz +- fixed infinite loop on truncated png images + CVE-2007-2756 [#276525] * Thu May 03 2007 - prusnak@suse.cz - changed expat to libexpat-devel in Requires of devel subpackage * Tue Feb 20 2007 - nadvornik@suse.cz ++++++ gd-png-loop-CVE-2007-2756.patch ++++++ --- gd_png.c 1 Apr 2007 20:41:01 -0000 1.21.2.1 +++ gd_png.c 16 May 2007 19:06:11 -0000 @@ -81,7 +81,11 @@ gdPngErrorHandler (png_structp png_ptr, static void gdPngReadData (png_structp png_ptr, png_bytep data, png_size_t length) { - gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr)); + int check; + check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr)); + if (check != length) { + png_error(png_ptr, "Read Error: truncated data"); + } } static void ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org