commit hplip for openSUSE:Factory
Hello community, here is the log from the commit of package hplip for openSUSE:Factory checked in at Fri Jan 14 04:01:55 CET 2011. -------- --- hplip/hplip.changes 2010-12-29 19:21:30.000000000 +0100 +++ hplip/hplip.changes 2011-01-13 16:29:39.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Jan 13 16:29:01 CET 2011 - jsmeix@suse.de + +- hplip-3.9.8-CVE-2010-4267.patch fixes a remote buffer overflow + (CVE-2010-4267 and Novell/Suse Bugzilla bnc#336658). + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- hplip-3.9.8-CVE-2010-4267.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hplip.spec ++++++ --- /var/tmp/diff_new_pack.BTS76F/_old 2011-01-14 03:53:28.000000000 +0100 +++ /var/tmp/diff_new_pack.BTS76F/_new 2011-01-14 03:53:28.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package hplip (Version 3.10.9) +# spec file for package hplip # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,7 +30,7 @@ # x.y.m : x = major release number, y = year (eg: 6 = 2006), m = month (eg: 6a = second release in June) # Official releases have a 3 digit number and release candidates have a 4 digit number: x.y.m.rc Version: 3.10.9 -Release: 3 +Release: 4 Group: Hardware/Printing License: BSD3c(or similar) ; GPLv2+ ; MIT License (or similar) Url: http://hplipopensource.com 
@@ -42,6 +42,8 @@ # Patch10 fixes "... is used uninitialized ..." warnings: Patch10: fix-uninitialized-variables.diff # Patch11 fix_gcc44_glib.diff is obsolete since version 3.9.6b because it is fixed in the source. +# Patch12 hplip-3.9.8-CVE-2010-4267.patch fixes a remote buffer overflow in hpmud/pml.c: +Patch12: hplip-3.9.8-CVE-2010-4267.patch # Source100... is for special Suse sources: # Source100 is the primary source for the suse_update_desktop_file stuff. # It is found automatically in $RPM_SOURCE_DIR by 'suse_update_desktop_file -i hplip': @@ -267,6 +269,9 @@ # Patch10 fix-uninitialized-variables.diff # fixes "... is used uninitialized ..." warnings: %patch10 +# Patch12 hplip-3.9.8-CVE-2010-4267.patch +# fixes a remote buffer overflow in hpmud/pml.c: +%patch12 # Patch101 change-udev-rules.diff # changes the udev rules files 55-hpmud.rules and 56-hpmud_support.rules: %patch101 ++++++ hplip-3.9.8-CVE-2010-4267.patch ++++++ --- io/hpmud/pml.c.orig 2009-08-04 23:37:25.000000000 +0200 +++ io/hpmud/pml.c 2010-12-17 13:09:28.000000000 +0100 @@ -504,6 +504,8 @@ enum HPMUD_RESULT hpmud_get_pml(HPMUD_DE p += 2; /* eat type and length */ } + if (dLen > buf_size) + dLen = buf_size; memcpy(buf, p, dLen); *bytes_read = dLen; *type = dt; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
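Review bot: In the hpmud_get_pml hunk of io/hpmud/pml.c, the new clamp `if (dLen > buf_size) dLen = buf_size;` bounds the write into buf but truncates silently. *bytes_read is set to the clamped length, and the visible lines give the caller no way to tell a truncated value from a complete one. Consider returning an error result, or at least logging, when dLen exceeds buf_size. The check is also one-sided: the declarations of dLen and buf_size are outside this hunk, and if they are signed, a negative dLen passes the comparison and reaches memcpy as a very large size, so a lower-bound check belongs next to the upper one. Nothing in the visible lines confirms that p + dLen stays inside the received reply on the read side either, which is worth checking in the surrounding code.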
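Review bot: In the hplip.spec hunks that add Patch12 and %patch12, the patch file is named hplip-3.9.8-CVE-2010-4267.patch while the spec builds Version: 3.10.9, and the patch header shows a pml.c.orig dated 2009-08-04. The comment above Patch12 should state that the patch was made against 3.9.8 and still applies to 3.10.9, so that a later version update prompts someone to recheck whether the source already carries the bounds check in hpmud_get_pml instead of carrying or dropping the patch blindly.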
participants (1): root@hilbert.suse.de