From 467fcf658c36cce86a465d0a826569516e6d3c89 Mon Sep 17 00:00:00 2001 From: Parag Nemade Date: Sat, 1 May 2021 08:28:01 +0530 Subject: [PATCH] Resolves: CVE-2019-19004 : integer overflow in input-bmp.c Resolves: CVE-2019-19005 : fix bitmap double free in main.c --- autotrace.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/autotrace.spec b/autotrace.spec index 360bd82..768ae10 100644 --- a/autotrace.spec +++ b/autotrace.spec @@ -1,6 +1,6 @@ Name: autotrace Version: 0.31.1 -Release: 59%{?dist} +Release: 60%{?dist} Summary: Utility for converting bitmaps to vector graphics License: GPLv2+ and LGPLv2+ URL: http://autotrace.sourceforge.net/ @@ -13,6 +13,8 @@ Patch4: autotrace-0.31.1-CVE-2013-1953.patch Patch5: autotrace-0.31.1-multilib-fix.patch Patch6: autotrace-0.31.1-pstoedit-detection-fix.patch Patch7: autotrace-0.31.1-CVE-2016-7392.patch +Patch8: autotrace-0.31.1-CVE-2019-19004.patch +Patch9: autotrace-0.31.1-CVE-2019-19005.patch BuildRequires: gcc-c++ %if ! 0%{?rhel} BuildRequires: ImageMagick-devel @@ -63,6 +65,8 @@ This package contains header files and development libraries for autotrace. %patch5 -p1 -b .multilib-fix %patch6 -p1 -b .pstoedit-detection-fix %patch7 -p1 -b .CVE-2016-7392 +%patch8 -p1 -b .CVE-2019-19004 +%patch9 -p1 -b .CVE-2019-19005 autoreconf -ivf %build @@ -104,6 +108,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';' %changelog +* Fri Apr 30 2021 Parag Nemade - 0.31.1-60 +- Resolves: CVE-2019-19004 : integer overflow in input-bmp.c +- Resolves: CVE-2019-19005 : fix bitmap double free in main.c + * Tue Jan 26 2021 Fedora Release Engineering - 0.31.1-59 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild