Hello community, here is the log from the commit of package chasen for openSUSE:11.4 checked in at Tue Jan 3 12:16:45 CET 2012. -------- --- old-versions/11.4/all/chasen/chasen.changes 2010-12-11 08:35:43.000000000 +0100 +++ 11.4/chasen/chasen.changes 2011-12-26 08:25:29.000000000 +0100 @@ -1,0 +2,5 @@ +Mon Dec 26 07:16:10 UTC 2011 - klwang@suse.com + +- fix bnc#735830 - VUL-0: CVE-2011-4000: chasen: buffer overflow. + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/chasen Destination is old-versions/11.4/UPDATES/all/chasen calling whatdependson for 11.4-i586 New: ---- bnc#735830-buffer-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chasen.spec ++++++ --- /var/tmp/diff_new_pack.tOd9KI/_old 2012-01-03 12:16:34.000000000 +0100 +++ /var/tmp/diff_new_pack.tOd9KI/_new 2012-01-03 12:16:34.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package chasen (Version 2.4.2) +# spec file for package chasen # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,11 +25,12 @@ Requires: ipadic AutoReqProv: on Version: 2.4.2 -Release: 62 +Release: 65.<RELEASE66> Url: http://chasen.aist-nara.ac.jp/ # original source http://chasen.aist-nara.ac.jp/stable/chasen/chasen-2.3.3.tar.gz Source0: http://chasen.aist-nara.ac.jp/stable/chasen/%{name}-%{version}.tar.bz2 Patch1: chasen-decls.diff +Patch2: bnc#735830-buffer-overflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Japanese Morphological Analysis System # Summary(ja): 形態素解析システム 茶筌 
@@ -167,6 +168,7 @@ %prep %setup -q %patch1 +%patch2 -p1 %build autoreconf --force --install ++++++ bnc#735830-buffer-overflow.patch ++++++ Index: chasen-2.4.2/lib/chalib.c =================================================================== --- chasen-2.4.2.orig/lib/chalib.c +++ chasen-2.4.2/lib/chalib.c @@ -306,9 +306,14 @@ chasen_sparse_main(char *input, FILE *ou */ while (*input) { int c = 0, len, cursor; - if ((crlf = strpbrk(input, "\r\n")) == NULL) + if ((crlf = strpbrk(input, "\r\n")) == NULL) { len = strlen(input); - else { + if (len >= CHA_INPUT_SIZE) { + len = CHA_INPUT_SIZE - 1; + crlf = input + CHA_INPUT_SIZE - 2; + c = 0; + } + } else { len = crlf - input; c = *crlf; *crlf = '\0'; continue with "q"... Remember to have fun...
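Review bot: In the chalib.c hunk the `len >= CHA_INPUT_SIZE` check sits only in the branch where strpbrk() finds no CR or LF; the else branch still sets `len = crlf - input` with no comparison against CHA_INPUT_SIZE in the lines shown, so a newline-terminated line longer than the buffer is not clamped here. If nothing below the truncated context handles that case, move the check after the if/else so it covers both branches. Separately, `crlf = input + CHA_INPUT_SIZE - 2` points one byte before the new `len` and needs a comment explaining why it is not `input + len`, and `c = 0` repeats the initializer already on the declaration.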
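Review bot: In the chasen.spec hunk, `Patch2: bnc#735830-buffer-overflow.patch` puts a `#` in the patch file name, which has to be quoted in shell commands and is read as a fragment separator when the name appears in a URL. Consider a file name without it (the bug number written as bnc735830) and keep the bnc#735830 reference in the chasen.changes entry, where it already is.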