* [gentoo-commits] gentoo-x86 commit in media-libs/lcms/files: lcms-1.19-cve-2013-4276.patch
@ 2014-10-23 19:30 Matthias Maier (tamiko)
0 siblings, 0 replies; only message in thread
From: Matthias Maier (tamiko) @ 2014-10-23 19:30 UTC (permalink / raw
To: gentoo-commits
tamiko 14/10/23 19:30:39
Added: lcms-1.19-cve-2013-4276.patch
Log:
fix CVE-2013-4276 wrt bug #479874
(Portage version: 2.2.8-r2/cvs/Linux x86_64, signed Manifest commit with key BD3A97A3)
Revision Changes Path
1.1 media-libs/lcms/files/lcms-1.19-cve-2013-4276.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/lcms/files/lcms-1.19-cve-2013-4276.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/lcms/files/lcms-1.19-cve-2013-4276.patch?rev=1.1&content-type=text/plain
Index: lcms-1.19-cve-2013-4276.patch
===================================================================
patch taken from:
https://bugzilla.redhat.com/show_bug.cgi?id=991757
patch checked against:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682#10
https://build.opensuse.org/package/view_file/openSUSE:Evergreen:11.2:Test/lcms/CVE-2013-4276.patch
diff -ur lcms-1.19.dfsg/samples/icctrans.c lcms-1.19.dfsg-patched/samples/icctrans.c
--- lcms-1.19.dfsg/samples/icctrans.c 2009-10-30 15:57:45.000000000 +0000
+++ lcms-1.19.dfsg-patched/samples/icctrans.c 2013-08-06 11:53:14.385266647 +0100
@@ -86,6 +86,8 @@
static LPcmsNAMEDCOLORLIST InputColorant = NULL;
static LPcmsNAMEDCOLORLIST OutputColorant = NULL;
+unsigned int Buffer_size = 4096;
+
// isatty replacement
@@ -500,7 +502,7 @@
Prefix[0] = 0;
if (!lTerse)
- sprintf(Prefix, "%s=", C);
+ snprintf(Prefix, 20, "%s=", C);
if (InHexa)
{
@@ -648,7 +650,9 @@
static
void GetLine(char* Buffer)
{
- scanf("%s", Buffer);
+ char User_buffer[Buffer_size];
+ fgets(User_buffer, (Buffer_size - 1), stdin);
+ sscanf(User_buffer,"%s", Buffer);
if (toupper(Buffer[0]) == 'Q') { // Quit?
@@ -668,7 +672,7 @@
static
double GetAnswer(const char* Prompt, double Range)
{
- char Buffer[4096];
+ char Buffer[Buffer_size];
double val = 0.0;
if (Range == 0.0) { // Range 0 means double value
@@ -738,7 +742,7 @@
static
WORD GetIndex(void)
{
- char Buffer[4096], Name[40], Prefix[40], Suffix[40];
+ char Buffer[Buffer_size], Name[40], Prefix[40], Suffix[40];
int index, max;
max = cmsNamedColorCount(hTrans)-1;
diff -ur lcms-1.19.dfsg/tifficc/tiffdiff.c lcms-1.19.dfsg-patched/tifficc/tiffdiff.c
--- lcms-1.19.dfsg/tifficc/tiffdiff.c 2009-10-30 15:57:46.000000000 +0000
+++ lcms-1.19.dfsg-patched/tifficc/tiffdiff.c 2013-08-06 11:49:06.698951157 +0100
@@ -633,7 +633,7 @@
cmsIT8SetSheetType(hIT8, "TIFFDIFF");
- sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2);
+ snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2);
cmsIT8SetComment(hIT8, Buffer);
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-10-23 19:30 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-10-23 19:30 [gentoo-commits] gentoo-x86 commit in media-libs/lcms/files: lcms-1.19-cve-2013-4276.patch Matthias Maier (tamiko)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox