public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] gentoo-x86 commit in net-print/cups/files: cups-1.4.8-CVE-2011-3170.patch cups-1.4.8-CVE-2011-2896.patch
From: Andreas Hüttel (dilfridge) @ 2011-08-27 10:46 UTC
  To: gentoo-commits

dilfridge    11/08/27 10:46:02

  Added:                cups-1.4.8-CVE-2011-3170.patch
  Removed:              cups-1.4.8-CVE-2011-2896.patch
  Log:
  Don't die on kernel misconfiguration; correct CVE number, the patch fixes CVE-2011-3170
  
  (Portage version: 2.1.10.11/cvs/Linux x86_64)

Revision  Changes    Path
1.1                  net-print/cups/files/cups-1.4.8-CVE-2011-3170.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-print/cups/files/cups-1.4.8-CVE-2011-3170.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-print/cups/files/cups-1.4.8-CVE-2011-3170.patch?rev=1.1&content-type=text/plain

Index: cups-1.4.8-CVE-2011-3170.patch
===================================================================
Source: Upstream http://cups.org/str.php?L3914
Reason: Avoid GIF reader loop (CVE-2011-2896)
Upstream: Fixed in trunk

diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c
--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896	2011-06-20 21:37:51.000000000 +0100
+++ cups-1.4.8/filter/image-gif.c	2011-08-19 11:33:37.547911212 +0100
@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp,			/* I - File to 
 
     if (code == max_code)
     {
-      *sp++ = firstcode;
-      code  = oldcode;
+      if (sp < (stack + 8192))
+	*sp++ = firstcode;
+
+      code = oldcode;
     }
 
-    while (code >= clear_code)
+    while (code >= clear_code && sp < (stack + 8192))
     {
       *sp++ = table[1][code];
       if (code == table[0][code])
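Review bot: In the new `while (code >= clear_code && sp < (stack + 8192))` condition, reaching the stack limit ends the loop silently with `code` still at or above `clear_code`, and decoding carries on as if the chain had been walked to its end. A stream that fills the stack is malformed, so consider failing the read at that point instead of quietly dropping bytes. The literal `8192` is also repeated in both new conditions of this hunk; deriving the bound from the declaration of `stack` (or a named constant shared with it) would keep the checks in step with the buffer size.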
@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp,			/* I - File to 
       code = table[0][code];
     }
 
-    *sp++ = firstcode = table[1][code];
-    code  = max_code;
+    if (sp < (stack + 8192))
+      *sp++ = firstcode = table[1][code];
+
+    code = max_code;
 
     if (code < 4096)
     {
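Review bot: Guarding `*sp++ = firstcode = table[1][code];` with `if (sp < (stack + 8192))` also skips the assignment to `firstcode` when the stack is full, so `firstcode` keeps its previous value and the `code == max_code` branch of the same function will push that stale value later. Before this change `firstcode` was updated here on every pass. Suggest assigning `firstcode = table[1][code];` unconditionally and putting only the `*sp++ = firstcode;` store under the bounds check. This is the third copy of the `8192` literal in the patch, which is another reason to name the limit once.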





