summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Gurr <tgurr@gentoo.org>2011-08-25 01:02:49 +0000
committerTimo Gurr <tgurr@gentoo.org>2011-08-25 01:02:49 +0000
commit44e6df3efcf4df9dd1b73f98230ee9f17cddfe38 (patch)
treeb5496cbc44cf3a477fc74a5610b2a6b25c47934c /net-print/cups/files
parentVersion bump (diff)
downloadgentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.tar.gz
gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.tar.bz2
gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.zip
Revbumps fixing security issue CVE-2011-2896. Remove old.
(Portage version: 2.2.0_alpha51/cvs/Linux x86_64)
Diffstat (limited to 'net-print/cups/files')
-rw-r--r--net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch
new file mode 100644
index 000000000000..843456f2eebd
--- /dev/null
+++ b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch
@@ -0,0 +1,37 @@
+Source: Upstream http://cups.org/str.php?L3914
+Reason: Avoid GIF reader loop (CVE-2011-2896)
+Upstream: Fixed in trunk
+
+diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c
+--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896 2011-06-20 21:37:51.000000000 +0100
++++ cups-1.4.8/filter/image-gif.c 2011-08-19 11:33:37.547911212 +0100
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp, /* I - File to
+
+ if (code == max_code)
+ {
+- *sp++ = firstcode;
+- code = oldcode;
++ if (sp < (stack + 8192))
++ *sp++ = firstcode;
++
++ code = oldcode;
+ }
+
+- while (code >= clear_code)
++ while (code >= clear_code && sp < (stack + 8192))
+ {
+ *sp++ = table[1][code];
+ if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp, /* I - File to
+ code = table[0][code];
+ }
+
+- *sp++ = firstcode = table[1][code];
+- code = max_code;
++ if (sp < (stack + 8192))
++ *sp++ = firstcode = table[1][code];
++
++ code = max_code;
+
+ if (code < 4096)
+ {