Hello community,

here is the log from the commit of package autotrace for openSUSE:Factory 
checked in at 2022-11-10 14:23:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/autotrace (Old)
 and      /work/SRC/openSUSE:Factory/.autotrace.new.1597 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "autotrace"

Thu Nov 10 14:23:12 2022 rev:24 rq:1034972 version:0.31.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/autotrace/autotrace.changes      2022-05-19 
22:50:25.434419779 +0200
+++ /work/SRC/openSUSE:Factory/.autotrace.new.1597/autotrace.changes    
2022-11-10 14:24:09.822987864 +0100
@@ -1,0 +2,7 @@
+Tue Nov  8 22:31:34 UTC 2022 - Jason Sikes <jsi...@suse.com>
+
+- Added CVE-2022-32323.patch
+  * [bsc#1201529, CVE-2022-32323]
+  * Fixes Heap overflow in ReadImage()
+
+-------------------------------------------------------------------
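Review bot: The bullet "Fixes Heap overflow in ReadImage()" does not name the affected source file. Mentioning input-bmp.c, the only file CVE-2022-32323.patch touches, would let readers of the .changes file see which input path is involved without opening the patch.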

New:
----
  CVE-2022-32323.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ autotrace.spec ++++++
--- /var/tmp/diff_new_pack.XUIjjI/_old  2022-11-10 14:24:10.358990898 +0100
+++ /var/tmp/diff_new_pack.XUIjjI/_new  2022-11-10 14:24:10.362990920 +0100
@@ -35,6 +35,8 @@
 Patch2:         CVE-2019-19004.patch
 # PATCH-FIX-SECURITY CVE-2019-19005.patch bsc1182159 CVE-2019-19005 
CVE-2017-9182, CVE-2017-9190 -- bitmap double free fix
 Patch3:         CVE-2019-19005.patch
+# PATCH-FIX-SECURITY CVE-2022-32323.patch bsc1201529 -- Heap overflow
+Patch4:         CVE-2022-32323.patch
 URL:            http://autotrace.sourceforge.net/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  ImageMagick-devel
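Review bot: The new PATCH-FIX-SECURITY comment above Patch4 lists only bsc1201529 after the patch name, while the Patch3 comment directly above it repeats the CVE identifiers after the bsc number. Adding CVE-2022-32323 in the same position, and expanding "Heap overflow" to "Heap overflow in ReadImage()" as in the changelog entry, would keep the tag lines consistent and searchable by CVE.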
@@ -81,6 +83,7 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fno-tree-sra"

++++++ CVE-2022-32323.patch ++++++
diff --git a/input-bmp.c b/input-bmp.c
index c32ed29..222851e 100644
--- a/input-bmp.c
+++ b/input-bmp.c
@@ -345,6 +345,10 @@ ReadImage (FILE   *fd,
                *(temp++)= buffer[xpos * 4 + 1];
                *(temp++)= buffer[xpos * 4];
             }
+
+         if (ypos == 0)
+           break;
+
           --ypos; /* next line */
         }
     }
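Review bot: The added "if (ypos == 0) break;" sits after the inner copy loop, so it only stops the decrement and any further iterations; the row for the current ypos has already been written through temp by the time the test runs. The starting value of ypos is set outside these context lines, so please confirm it is in range on first entry, or move the bounds test to the head of the loop so that no row is written before it is checked.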
@@ -361,6 +365,10 @@ ReadImage (FILE   *fd,
                *(temp++)= buffer[xpos * 3 + 1];
                *(temp++)= buffer[xpos * 3];
             }
+
+         if (ypos == 0)
+           break;
+
           --ypos; /* next line */
         }
        }
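Review bot: The break at ypos == 0 leaves the loop without any diagnostic, so if reaching row 0 with the loop still running indicates a malformed file, the caller gets no indication of it. Consider reporting an error at that point. The same four added lines are also repeated in all three hunks; folding the condition into each loop's own test or a small helper would keep the copies from drifting apart.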
@@ -378,6 +386,10 @@ ReadImage (FILE   *fd,
                *(temp++)= (unsigned char)(((rgb >> 5)  & 0x1f) * 8);
                *(temp++)= (unsigned char)(((rgb)       & 0x1f) * 8);
             }
+
+         if (ypos == 0)
+           break;
+
           --ypos; /* next line */
         }
     }
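Review bot: Only three loops receive the guard in this patch: the xpos * 4 loop, the xpos * 3 loop, and this one that unpacks 5-bit rgb fields. If ReadImage() contains other loops that end in the same "--ypos; /* next line */" step, they need the same check, and the patch header should state that they were reviewed.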
