Hello community, here is the log from the commit of package gimp checked in at Thu Jul 5 10:12:35 CEST 2007.
--------
--- GNOME/gimp/gimp.changes 2007-05-04 15:32:01.000000000 +0200
+++ /mounts/work_src_done/STABLE/gimp/gimp.changes 2007-07-04 00:22:20.523146000 +0200
@@ -1,0 +2,6 @@
+Wed Jul 4 00:22:16 CEST 2007 - maw@suse.de
+
+- Add gimp-psd-overflow.patch (#284288 and CVE-2007-2949), fixing
+ a buffer overflow.
+
+-------------------------------------------------------------------
New:
----
gimp-psd-overflow.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gimp.spec ++++++
--- /var/tmp/diff_new_pack.mK2127/_old 2007-07-05 10:12:18.000000000 +0200
+++ /var/tmp/diff_new_pack.mK2127/_new 2007-07-05 10:12:18.000000000 +0200
@@ -21,8 +21,8 @@
 %endif
 URL: http://www.gimp.org/
 Version: 2.2.13
-Release: 60
-License: GNU General Public License (GPL)
+Release: 87
+License: GPL v2 or later
 Group: Productivity/Graphics/Bitmap Editors
 Provides: gimp2 gimp-2.0
 Obsoletes: libgimp gimp2-svg gimp2
@@ -36,6 +36,7 @@
 Source2: gimp-splash.png
 Patch: gimp-default-browser.patch
 Patch1: gimp-sunras-overflow.patch
+Patch2: gimp-psd-overflow.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -720,6 +721,9 @@
 %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Wed Jul 04 2007 - maw@suse.de
+- Add gimp-psd-overflow.patch (#284288 and CVE-2007-2949), fixing
+ a buffer overflow.
 * Fri May 04 2007 - sbrabec@suse.cz
 - Fixed buffer overflow in sunras plugin (#270506, GNOME#433902,
 CVE-2007-2356).
++++++ gimp-psd-overflow.patch ++++++
Index: gimp-2.2.13/plug-ins/common/psd.c
===================================================================
--- gimp-2.2.13.orig/plug-ins/common/psd.c
+++ gimp-2.2.13/plug-ins/common/psd.c
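Review bot: Nothing in the gimp.spec hunks shown applies the new patch: the `-36,6 +36,7` hunk declares `Patch2: gimp-psd-overflow.patch`, but no hunk touches `%prep`, so unless the spec applies patches in a way that is not visible in this diff, the CVE-2007-2949 fix would be shipped in the source package without being built into the binary. Confirm that `%prep` has a matching line such as `%patch2 -p1` (the strip level is inferred from the `gimp-2.2.13/` prefix in the patch paths and should be checked against how Patch and Patch1 are applied), and add it if it is missing. A quick check after the build is to verify that the prepared source tree's plug-ins/common/psd.c contains the new dimension test.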
@@ -1771,6 +1771,7 @@ load_image (const gchar *name)
 gint32 iter;
 fpos_t tmpfpos;
 int red_chan, grn_chan, blu_chan, alpha_chan, ichan;
+ gint lidx, cidx;
 
 IFDBG printf("------- %s ---------------------------------\n",name);
 
@@ -1789,6 +1790,24 @@ load_image (const gchar *name)
 
 read_whole_file (fd);
 
+ for (lidx = 0; lidx < psd_image.num_layers; ++lidx) {
+ PSDlayer tl = psd_image.layer[lidx];
+
+ for (cidx = 0; cidx < tl.num_channels; ++cidx) {
+ PSDchannel tc = tl.channel[cidx];
+
+ if (tc.width > 30000 || tc.width < 1 ||
+ tc.height > 30000 || tc.height < 1) {
+ /* No good! */
+
+ g_message (_("Invalid file: %s"),
+ gimp_filename_to_utf8 (name));
+ /* Is it necessary to free up anything else? */
+ fclose (fd);
+ return -1;
+ }
+ }
+ }
 if (psd_image.num_layers > 0) /* PS3-style */
 {
 int lnum;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
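Review bot: The added bounds test in the second psd.c hunk (`tc.width > 30000 || tc.width < 1 || ...`) limits each channel dimension on its own, so width × height can still be as large as 9×10^8 and a later 32-bit size calculation that multiplies it by a channel count or bytes per pixel could still wrap. The allocation and unpacking code is outside this hunk (load_image begins and ends outside it), so confirm that code does its size arithmetic in a wider type, or also reject the product here, for example `if ((guint64) tc.width * tc.height > MAX_CHANNEL_PIXELS)` where `MAX_CHANNEL_PIXELS` is a placeholder for a limit the project chooses. The loop walks only `psd_image.layer[]`, so a file with `num_layers == 0` gets no dimension check from this patch, and whether image-level dimensions are validated elsewhere is not visible here. On the error path `fclose (fd)` runs but, as the patch's own comment asks, nothing that `read_whole_file` may already have allocated is released; that question should be answered rather than left in the code. `30000` should be a named constant with a comment giving its origin, and `PSDlayer tl` / `PSDchannel tc` copy a whole struct per iteration where a `const` pointer into the array would do.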