Bruce Dubbs wrote:
> [email protected] wrote:
>> Author: ag
>> Date: 2008-12-27 00:14:05 -0700 (Sat, 27 Dec 2008)
>> New Revision: 7672
>>
>> Modified:
>> trunk/BOOK/general/graphlib/imlib2.xml
>> trunk/BOOK/introduction/welcome/changelog.xml
>> Log:
>> Apply a patch to imlib2 to fix CVE-2008-5187
>
> Ag, you are missing the instruction to actually apply the patch -- e.g.
> patch -Np1 -i ../mlib2-1.4.2-CVE-2008-5187.patch
Also, the patch you uploaded is wrong. It should be:
ndex: /trunk/imlib2/src/modules/loaders/loader_xpm.c
===================================================================
--- /trunk/imlib2/src/modules/loaders/loader_xpm.c (revision 35900)
+++ /trunk/imlib2/src/modules/loaders/loader_xpm.c (revision 37744)
@@ -254,6 +254,6 @@
}
ptr = im->data;
- end = ptr + (sizeof(DATA32) * w * h);
pixels = w * h;
+ end = ptr + (pixels);
}
else
Although the parens around the pixels variable do nothing. Your patch has the
end= statement one line too soon.
-- Bruce
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
