rpms/ghostscript
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Fixed CVE-2009-0583,0584 patch by using 255 as the maximum number of

Browse Source 
points, not 100, and by not treating a missing black point tag as an
    error (bug #487744).
This commit is contained in:
Tim Waugh 2009-07-30 13:49:52 +00:00
parent 0bb2e4c55a
commit a82e34fd34
2 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ghostscript-CVE-2009-0583,0584.patch
View File

@ -1,6 +1,6 @@
diff -up ghostscript-8.64/icclib/icc.c.CVE-2009-0583,0584 ghostscript-8.64/icclib/icc.c
--- ghostscript-8.64/icclib/icc.c.CVE-2009-0583,0584 2008-05-09 05:12:01.000000000 +0100
+++ ghostscript-8.64/icclib/icc.c 2009-03-06 15:24:33.000000000 +0000
+++ ghostscript-8.64/icclib/icc.c 2009-07-30 13:29:08.853734640 +0100
@@ -152,6 +152,8 @@
* Various bug fixes and enhancements.
*/
@ -373,7 +373,7 @@ diff -up ghostscript-8.64/icclib/icc.c.CVE-2009-0583,0584 ghostscript-8.64/iccli
return icp->errc = 1;
}
+ if (p->clutPoints > 100) {
+ if (p->clutPoints > 255) {
+ sprintf(icp->err,"icmLut_read: too many clutPoints");
+ return icp->errc = 1;
+ }
@ -987,3 +987,11 @@ diff -up ghostscript-8.64/icclib/icc.c.CVE-2009-0583,0584 ghostscript-8.64/iccli
if (p->data == NULL)
tp = p->al->malloc(p->al, (p->count+1) * sizeof(icmTag));
else
@@ -12246,6 +12545,7 @@ static icmLuBase* icc_get_luobj (
if ((blackPointTag = (icmXYZArray *)p->read_tag(p, icSigMediaBlackPointTag)) == NULL
|| blackPointTag->ttype != icSigXYZType || blackPointTag->size < 1) {
blackPoint = icmBlack; /* default */
+ p->errc = 0; /* reset the error code. black point is NOT required */
} else
blackPoint = blackPointTag->data[0]; /* Copy structure */
}

7
ghostscript.spec
View File

@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer.
Name: ghostscript
Version: %{gs_ver}
Release: 10%{?dist}
Release: 11%{?dist}
# Included CMap data is Redistributable, no modification permitted,
# see http://bugzilla.redhat.com/487510
@ -312,6 +312,11 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libgs.so
%changelog
* Thu Jul 30 2009 Tim Waugh <twaugh@redhat.com> 8.64-11
- Fixed CVE-2009-0583,0584 patch by using 255 as the maximum number of
points, not 100, and by not treating a missing black point tag as an
error (bug #487744).
* Thu Jul 30 2009 Rex Dieter <rdieter@fedoraproject.org> - 8.64-10
- License: GPLv2 and Redistributable, no modification permitted (bug #487510)