Hello community, here is the log from the commit of package lcms2 for openSUSE:Factory checked in at 2017-01-25 22:39:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lcms2 (Old) and /work/SRC/openSUSE:Factory/.lcms2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "lcms2" Changes: -------- --- /work/SRC/openSUSE:Factory/lcms2/lcms2.changes 2016-08-22 10:06:45.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lcms2.new/lcms2.changes 2017-01-25 22:39:06.387478667 +0100 @@ -1,0 +2,6 @@ +Tue Jan 24 00:47:25 UTC 2017 - plinnell@opensuse.org + +- Added 0001-Added-an-extra-check-to-MLU-bounds.patch + * fixes https://bugzilla.suse.com/show_bug.cgi?id=1021364 + +------------------------------------------------------------------- New: ---- 0001-Added-an-extra-check-to-MLU-bounds.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lcms2.spec ++++++ --- /var/tmp/diff_new_pack.PvTZBC/_old 2017-01-25 22:39:07.271345114 +0100 +++ /var/tmp/diff_new_pack.PvTZBC/_new 2017-01-25 22:39:07.275344510 +0100 @@ -55,6 +55,7 @@ Source1: baselibs.conf Patch1: lcms2-ocloexec.patch Patch2: lcms2-visibility.patch +Patch3: 0001-Added-an-extra-check-to-MLU-bounds.patch %description Littlecms is a small speed optimized color management engine. @@ -96,6 +97,7 @@ %setup -q %patch1 %patch2 +%patch3 -p1 chmod a-x doc/* COPYING AUTHORS %build ++++++ 0001-Added-an-extra-check-to-MLU-bounds.patch ++++++
From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001 From: Marti
Date: Mon, 15 Aug 2016 23:31:39 +0200 Subject: [PATCH] Added an extra check to MLU bounds
Thanks to Ibrahim el-sayed for spotting the bug --- src/cmstypes.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/cmstypes.c b/src/cmstypes.c index cb61860..c7328b9 100644 --- a/src/cmstypes.c +++ b/src/cmstypes.c @@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU // Check for overflow if (Offset < (SizeOfHeader + 8)) goto Error; + if ((Offset + Len) > SizeOfTag + 8) goto Error; // True begin of the string BeginOfThisString = Offset - SizeOfHeader - 8; -- 2.7.4
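Review bot: In the src/cmstypes.c hunk, the added check `if ((Offset + Len) > SizeOfTag + 8) goto Error;` forms the sum before comparing it, so the check can be bypassed by wraparound. The declarations are outside the visible context, but if Offset and Len are unsigned 32-bit values read from the tag, a large Len wraps the sum to a small number and the check passes. Suggest rejecting the wrap in the same condition, for example `if ((Offset + Len) < Len || (Offset + Len) > SizeOfTag + 8) goto Error;`. A short comment on why 8 is added to SizeOfTag would also help, since the neighbouring lines use the same constant together with SizeOfHeader.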
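Review bot: In the lcms2.changes hunk, the entry gives the patch file name and a bare Bugzilla URL but does not say what is fixed. A few words such as "bounds check in Type_MLU_Read (src/cmstypes.c)" and the short bug reference bsc#1021364 would make the entry readable without opening the patch. In the lcms2.spec hunks, `%patch3 -p1` uses a strip level where `%patch1` and `%patch2` do not. That matches the a/ and b/ path prefixes in the new patch, but a one-line comment above `Patch3:` with the commit id from the patch header (5ca71a7bc18b6897ab21d815d15e218e204581e2) would record where the patch came from and why it is applied differently.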