Hello community, here is the log from the commit of package libpng12-0 checked in at Wed Sep 24 00:48:13 CEST 2008. -------- --- libpng12-0/libpng12-0.changes 2008-09-11 15:29:35.000000000 +0200 +++ /d/STABLE/libpng12-0/libpng12-0.changes 2008-09-15 17:48:01.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Sep 15 17:46:06 CEST 2008 - pgajdos@suse.cz + +- fixed CVE-2008-3964 [bnc#424739] + * CVE-2008-3964.patch + +------------------------------------------------------------------- New: ---- libpng-1.2.31-CVE-2008-3964.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng12-0.spec ++++++ --- /var/tmp/diff_new_pack.Wd3140/_old 2008-09-24 00:47:48.000000000 +0200 +++ /var/tmp/diff_new_pack.Wd3140/_new 2008-09-24 00:47:48.000000000 +0200 @@ -25,10 +25,11 @@ Url: http://www.libpng.org/pub/png/libpng.html AutoReqProv: on Version: 1.2.31 -Release: 1 +Release: 4 Summary: Library for the Portable Network Graphics Format (PNG) Source: libpng-%{version}.tar.bz2 Patch: libpng-%{version}-setjmp.diff +Patch1: libpng-%{version}-CVE-2008-3964.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Obsoletes: libpng < %{version} Provides: libpng = %{version}-%{release} @@ -81,6 +82,7 @@ %prep %setup -n libpng-%{version} %patch +%patch1 %build ./autogen.sh @@ -132,6 +134,9 @@ %doc CHANGES README TODO ANNOUNCE KNOWNBUG Y2KINFO LICENSE libpng-*.txt %changelog +* Mon Sep 15 2008 pgajdos@suse.cz +- fixed CVE-2008-3964 [bnc#424739] + * CVE-2008-3964.patch * Thu Sep 11 2008 pgajdos@suse.cz - updated to version 1.2.31: * coding bugfixes and enhancements ++++++ libpng-1.2.31-CVE-2008-3964.patch ++++++ --- pngpread.c +++ pngpread.c @@ -1279,7 +1279,7 @@ tmp = text; text = (png_charp)png_malloc(png_ptr, text_size + (png_uint_32)(png_ptr->zbuf_size - - png_ptr->zstream.avail_out)); + - png_ptr->zstream.avail_out + 1)); png_memcpy(text, tmp, text_size); png_free(png_ptr, tmp); png_memcpy(text + text_size, png_ptr->zbuf, ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org