Hello community, here is the log from the commit of package imlib2 checked in at Fri Nov 21 16:04:27 CET 2008. -------- --- imlib2/imlib2.changes 2008-10-21 11:02:37.000000000 +0200 +++ /mounts/work_src_done/STABLE/imlib2/imlib2.changes 2008-11-21 15:05:07.000000000 +0100 @@ -1,0 +2,6 @@ +Fri Nov 21 15:04:38 CET 2008 - meissner@suse.de + +- fixed a pointer arithmetic problem in the XPM loader + CVE-2008-5187/bnc#447093 + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- imlib2-loader_xpm-CVE-2008-5187.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ imlib2.spec ++++++ --- /var/tmp/diff_new_pack.O10711/_old 2008-11-21 16:03:30.000000000 +0100 +++ /var/tmp/diff_new_pack.O10711/_new 2008-11-21 16:03:30.000000000 +0100 @@ -21,10 +21,11 @@ BuildRequires: freetype2-devel giflib-devel libpng-devel libtiff-devel xorg-x11-devel Summary: Image handling and conversion library. Version: 1.4.2 -Release: 1 +Release: 2 License: BSD 3-Clause Group: Development/Libraries/X11 Source: %name-%version.tar.bz2 +Patch: %name-loader_xpm-CVE-2008-5187.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://sourceforge.net/projects/enlightenment/ Suggests: imlib2-loaders @@ -90,6 +91,7 @@ %prep %setup -q +%patch %build autoreconf --force --install @@ -161,6 +163,9 @@ %attr(755,root,root) %{_libdir}/imlib2/loaders %changelog +* Fri Nov 21 2008 meissner@suse.de +- fixed a pointer arithmetic problem in the XPM loader + CVE-2008-5187/bnc#447093 * Tue Oct 21 2008 meissner@suse.de - upgraded to 1.4.2 upstream - our upstream fixes mostly @@ -217,7 +222,7 @@ * Wed Sep 21 2005 ro@suse.de - only remove .la files for plugins - add requires to devel package -* Wed Sep 21 2005 jw@suse.de +* Tue Sep 20 2005 jw@suse.de - offending \*.la files removed. * Tue Mar 08 2005 jw@suse.de - Provides for all the loaders added 
@@ -230,7 +235,7 @@ * Thu Aug 26 2004 meissner@suse.de - Upgraded to 1.1.1. - Fixed buffer overflow in BMP loader. -* Mon Jan 19 2004 meissner@suse.de +* Sun Jan 18 2004 meissner@suse.de - fixed "label at end of compound statement" errors in gcc 3.4 * Mon Jan 12 2004 adrian@suse.de - revert last change (%%run_ldconfig already exist before) ++++++ imlib2-loader_xpm-CVE-2008-5187.patch ++++++ --- src/modules/loaders/loader_xpm.c +++ src/modules/loaders/loader_xpm.c @@ -253,8 +253,8 @@ return 0; } ptr = im->data; - end = ptr + (sizeof(DATA32) * w * h); pixels = w * h; + end = ptr + pixels; } else { ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
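
Review bot: In the `%prep` hunk of imlib2.spec, `%patch` is given no strip level, while the patch file names its target as `src/modules/loaders/loader_xpm.c` on both the `---` and `+++` lines. Writing the level out (`%patch -p0`) would record how the patch is expected to apply relative to the unpacked source directory and keep the build from depending on a default.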
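
Review bot: The last two imlib2.spec hunks rewrite the dates of old `%changelog` entries (`Wed Sep 21 2005` becomes `Tue Sep 20 2005`, `Mon Jan 19 2004` becomes `Sun Jan 18 2004`), which is unrelated to CVE-2008-5187 and is not mentioned in the new imlib2.changes entry. For a security update it is easier to audit if the diff contains only the fix, so these date changes should either go in a separate check-in or be explained in the changes entry.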
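
Review bot: In the loader_xpm.c hunk, the new `end = ptr + pixels;` is only the correct end-of-buffer bound if `ptr` and `end` are `DATA32` pointers, so that the addition is already scaled by the element size; the hunk does not show their declarations, and the patch file has no description. A short header in the patch stating that the removed expression applied `sizeof(DATA32)` on top of pointer scaling, placing `end` beyond `im->data`, would make the fix reviewable without opening the source. The visible context also does not show whether `w` and `h` are range-checked before `pixels = w * h;`, and since `end` now depends directly on that product, it is worth confirming that the code ahead of the `return 0;` shown in the context rejects dimensions whose product overflows.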