Hello community, here is the log from the commit of package gimp for openSUSE:11.4 checked in at Tue May 31 15:44:39 CEST 2011.
-------- --- old-versions/11.4/all/gimp/gimp.changes 2011-02-15 10:17:26.000000000 +0100 +++ 11.4/gimp/gimp.changes 2011-05-27 23:16:24.000000000 +0200 @@ -1,0 +2,6 @@ +Fri May 27 20:58:33 UTC 2011 - [email protected] + +- Modify gimp-CVE-2010-4543.patch to include fix for the second + part of bnc#692877. (CVE-2011-1782) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/gimp Destination is old-versions/11.4/UPDATES/all/gimp calling whatdependson for 11.4-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gimp.spec ++++++ --- /var/tmp/diff_new_pack.GccyZ4/_old 2011-05-31 15:44:18.000000000 +0200 +++ /var/tmp/diff_new_pack.GccyZ4/_new 2011-05-31 15:44:18.000000000 +0200 @@ -49,7 +49,7 @@ BuildRequires: xorg-x11-libXfixes-devel Url: http://www.gimp.org/ Version: 2.6.11 -Release: 6 +Release: 13.<RELEASE14> License: GPLv2+ Group: Productivity/Graphics/Bitmap Editors Suggests: AdobeICCProfiles ++++++ gimp-CVE-2010-4543.patch ++++++ --- /var/tmp/diff_new_pack.GccyZ4/_old 2011-05-31 15:44:19.000000000 +0200 +++ /var/tmp/diff_new_pack.GccyZ4/_new 2011-05-31 15:44:19.000000000 +0200 @@ -14,7 +14,7 @@ fread (buf, runcount, 1, f); + + /* prevent buffer overflow for bogus data */ -+ runcount = MIN (runcount, endq - q); ++ runcount = MIN (runcount, (endq - q) / bytespp); + if (bytespp == 1) { ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
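Review bot: In the gimp.changes hunk, the entry records that the CVE-2011-1782 fix was folded into gimp-CVE-2010-4543.patch, so the patch file name now covers only one of the two CVEs it addresses. Anyone auditing the package by patch name will not find CVE-2011-1782 there. Suggest naming both CVEs in the patch header, or in a comment beside the patch entry in gimp.spec, so the changelog is not the only place the second fix is traceable.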
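Review bot: In the gimp-CVE-2010-4543.patch hunk, the new clamp `runcount = MIN (runcount, (endq - q) / bytespp);` sits after `fread (buf, runcount, 1, f);`, so it bounds only the later writes toward endq. The read into buf still uses the file-supplied runcount, and the fread return value is not checked. Worth confirming in the surrounding code that buf is sized for the largest runcount the format allows, and checking the fread result so a short read does not leave stale bytes in buf. The division by bytespp implies runcount is counted in units of bytespp bytes. Extending the existing comment to say so, and to state that q <= endq holds at this point (otherwise the difference is negative), would make the corrected bound easier to verify.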
