Hello community, here is the log from the commit of package jasper for openSUSE:11.3 checked in at Wed Dec 14 17:54:41 CET 2011. -------- --- old-versions/11.3/all/jasper/jasper.changes 2009-12-16 11:17:42.000000000 +0100 +++ 11.3/jasper/jasper.changes 2011-12-14 11:54:22.000000000 +0100 @@ -1,0 +2,7 @@ +Wed Dec 14 10:51:04 UTC 2011 - mkubecek@suse.cz + +- jasper-1.900.1-bnc725758.patch: + Two security bugs allowing buffer overflow to be caused by + incorrect image data (bnc#725758, CVE-2011-4516 and CVE-2011-4517) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.3/all/jasper Destination is old-versions/11.3/UPDATES/all/jasper calling whatdependson for 11.3-i586 New: ---- jasper-1.900.1-bnc725758.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.8p0L6U/_old 2011-12-14 17:51:30.000000000 +0100 +++ /var/tmp/diff_new_pack.8p0L6U/_new 2011-12-14 17:51:30.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package jasper (Version 1.900.1) +# spec file for package jasper # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,13 +25,14 @@ Group: Productivity/Graphics/Convertors AutoReqProv: on Version: 1.900.1 -Release: 136 +Release: 141.<RELEASE2> Summary: An Implementation of the JPEG-2000 Standard, Part 1 Source: %{name}-%{version}.tar.bz2 Source2: baselibs.conf Patch: %{name}-%{version}-uninitialized.patch Patch2: %{name}-%{version}-bug258253.patch Patch3: %{name}-%{version}-bug392410.patch +Patch4: %{name}-1.900.1-bnc725758.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
@@ -92,6 +93,7 @@ %patch %patch2 %patch3 +%patch4 %build %{suse_update_config} ++++++ jasper-1.900.1-bnc725758.patch ++++++ diff -up src/libjasper/jpc/jpc_cs.c.orig-725758 src/libjasper/jpc/jpc_cs.c --- src/libjasper/jpc/jpc_cs.c.orig-725758 2011-12-12 18:36:53.772117206 +0100 +++ src/libjasper/jpc/jpc_cs.c 2011-12-12 18:36:12.805999375 +0100 @@ -744,6 +744,12 @@ static int jpc_cox_getcompparms(jpc_ms_t return -1; } compparms->numrlvls = compparms->numdlvls + 1; + if (compparms->numrlvls > JPC_MAXRLVLS) { + compparms->numrlvls = 0; + jpc_cox_destroycompparms(compparms); + return -1; + } + if (prtflag) { for (i = 0; i < compparms->numrlvls; ++i) { if (jpc_getuint8(in, &tmp)) { @@ -1331,7 +1337,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms jpc_crgcomp_t *comp; uint_fast16_t compno; crg->numcomps = cstate->numcomps; - if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) { + if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) { return -1; } for (compno = 0, comp = crg->comps; compno < cstate->numcomps; continue with "q"... Remember to have fun...
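Review bot: In the jasper.spec hunk at @@ -25,13 +25,14 @@, the new Patch4 line hardcodes the version (`%{name}-1.900.1-bnc725758.patch`) while Patch, Patch2 and Patch3 all use `%{name}-%{version}-...`. With `Version: 1.900.1` both forms name the same file today, so this is a consistency point only: either use `%{version}` like the neighbouring entries, or, if the fixed name is deliberate so the patch file survives a version bump, say so in a spec comment.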
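Review bot: In the jpc_cox_getcompparms hunk (@@ -744,6 +744,12 @@), the error path sets `compparms->numrlvls = 0;` before calling `jpc_cox_destroycompparms(compparms)` without saying why the reset is needed. The bound check itself is placed correctly, ahead of the `for (i = 0; i < compparms->numrlvls; ++i)` loop that consumes the value, but a one-line comment on the reset (or dropping it if the destroy routine does not read numrlvls) would make the intent reviewable. The rejection is also silent; a short diagnostic naming the out-of-range value and JPC_MAXRLVLS would help anyone triaging a rejected image.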
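Review bot: In the jpc_crg_getparms hunk (@@ -1331,7 +1337,7 @@), the allocation still spells the element type by hand: `sizeof(jpc_crgcomp_t)`. The bug being fixed was exactly a mismatch between the named type (`uint_fast16_t`) and the type `crg->comps` points to, so writing `jas_alloc2(cstate->numcomps, sizeof(*crg->comps))` would tie the element size to the pointer and prevent the same drift if the field type changes again. The loop that follows walks `comp = crg->comps` for `cstate->numcomps` entries, so the element size and the count used in the allocation are the two values that must stay in step with it.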