Hello community, here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2018-08-07 09:39:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old) and /work/SRC/openSUSE:Factory/.libpng16.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libpng16" Tue Aug 7 09:39:30 2018 rev:39 rq:626863 version:1.6.34
Changes:
--------
--- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes 2018-02-09 15:43:22.996359494 +0100
+++ /work/SRC/openSUSE:Factory/.libpng16.new/libpng16.changes 2018-08-07 09:39:38.848951417 +0200
@@ -1,0 +2,7 @@
+Wed Aug 1 08:01:23 UTC 2018 - pgajdos@suse.com
+
+- security update:
+ * CVE-2018-13785 [bsc#1100687]
+ + libpng16-CVE-2018-13785.patch
+
+-------------------------------------------------------------------
New:
----
libpng16-CVE-2018-13785.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libpng16.spec ++++++
--- /var/tmp/diff_new_pack.ZnFKs7/_old 2018-08-07 09:39:40.088953579 +0200
+++ /var/tmp/diff_new_pack.ZnFKs7/_new 2018-08-07 09:39:40.088953579 +0200
@@ -35,6 +35,7 @@
 Source2: libpng16.keyring
 Source3: rpm-macros.libpng-tools
 Source4: baselibs.conf
+Patch0: libpng16-CVE-2018-13785.patch
 BuildRequires: libtool
 BuildRequires: pkgconfig
 BuildRequires: zlib-devel
@@ -96,6 +97,7 @@
 %prep
 %setup -q -n libpng-%{version}
+%patch0 -p1
 %build
 # PNG_SAFE_LIMITS_SUPPORTED: http://www.openwall.com/lists/oss-security/2015/01/10/1
++++++ libpng16-CVE-2018-13785.patch ++++++
Index: libpng-1.6.34/pngrutil.c
===================================================================
--- libpng-1.6.34.orig/pngrutil.c 2017-09-29 10:40:57.000000000 +0200
+++ libpng-1.6.34/pngrutil.c 2018-08-01 09:59:02.399741891 +0200
@@ -3149,7 +3149,7 @@ png_check_chunk_length(png_const_structr
 {
 png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
 size_t row_factor =
- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+ ((size_t)png_ptr->width * (size_t)png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
 + 1 + (png_ptr->interlaced? 6: 0));
 if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
 idat_limit=PNG_UINT_31_MAX;
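Review bot: The `(size_t)` casts on the added `row_factor` line only widen the multiplication where `size_t` is wider than 32 bits. On a target with a 32-bit `size_t` (and assuming `width` is a 32-bit unsigned field) the product is computed as before, so `row_factor` can still wrap, and the division `PNG_UINT_32_MAX/row_factor` in the context line below has no guard against a zero divisor. Whether the width is bounded tightly enough elsewhere to rule that out is not visible in this hunk. An explicit check would make the fix independent of the platform's `size_t`, for example `if (row_factor == 0 || png_ptr->height > PNG_UINT_32_MAX/row_factor)`. The body of png_check_chunk_length starts and ends outside the hunk.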