text ghostscript-esp.info, 1.12, 1.13 ghostscript-esp.patch, 1.6, 1.7

Tomoaki Okayama Sun, 09 Mar 2008 14:43:55 -0700

Update of /cvsroot/fink/dists/10.3/unstable/main/finkinfo/text
In directory 
sc8-pr-cvs17.sourceforge.net:/tmp/cvs-serv3756/10.3/unstable/main/finkinfo/text


Modified Files:
        ghostscript-esp.info ghostscript-esp.patch 
Log Message:
[SECURITY] Fix CVE-2008-0411. Imported from RedHat Linux.

Index: ghostscript-esp.patch
===================================================================
RCS file: 
/cvsroot/fink/dists/10.3/unstable/main/finkinfo/text/ghostscript-esp.patch,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- ghostscript-esp.patch       2 Oct 2007 01:14:51 -0000       1.6
+++ ghostscript-esp.patch       9 Mar 2008 21:43:45 -0000       1.7
@@ -769,3 +769,16 @@
 +      *)
 +              ${show} "usage: ${0##*/} {add|remove}" ;;
 +esac
+diff -up ghostscript-7.07/src/zicc.c.CVE-2008-0411 ghostscript-7.07/src/zicc.c
+--- ghostscript-7.07/src/zicc.c.CVE-2008-0411  2003-01-17 00:49:06.000000000 
+0000
++++ ghostscript-7.07/src/zicc.c        2008-02-19 10:08:00.000000000 +0000
+@@ -82,6 +82,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
+     dict_find_string(op, "N", &pnval);
+     ncomps = pnval->value.intval;
+ 
++    if (2*ncomps > sizeof(range_buff)/sizeof(float))
++      return_error(e_rangecheck);
++
+     /* verify the DataSource entry */
+     if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
+         return_error(e_undefined);

Index: ghostscript-esp.info
===================================================================
RCS file: 
/cvsroot/fink/dists/10.3/unstable/main/finkinfo/text/ghostscript-esp.info,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- ghostscript-esp.info        2 Oct 2007 01:14:51 -0000       1.12
+++ ghostscript-esp.info        9 Mar 2008 21:43:45 -0000       1.13
@@ -1,6 +1,6 @@
 Package: ghostscript-esp
 Version: 7.07.1
-Revision: 34
+Revision: 35
 Description: Enhanced GNU Ghostscript with better CJK and printer support
 Depends: x11, ghostscript-fonts, libjpeg-shlibs (>= 6b-1), libpng3-shlibs (>= 
1.2.5-3), libgettext3-shlibs, libiconv, applesystemfonts, appleotffonts, 
ipafonts, glib2-shlibs (>= 2.12.0-1), system-perl
 BuildDepends: x11-dev, libjpeg (>= 6b-1), libpng3 (>= 1.2.5-3), cups-dev, 
libgettext3-dev, libiconv-dev, glib2-dev (>= 2.12.0-1), pkgconfig
@@ -197,6 +197,9 @@
   based on Mr. Yamada's Web page: http://www.aihara.co.jp/~taiji/gyve/
 
  A patch to finkcups makes a shell script for handling CUPS files.
+
+ A patch to zicc.c is ghostscript-CVE-2008-0411.patch of RedHat rpm,
+ which fixes CVE-2008-0411.
 <<
 Maintainer: Todai Fink Team <[EMAIL PROTECTED]>
 Homepage: http://www.cups.org/ghostscript.php


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Fink-commits mailing list
[email protected]
http://news.gmane.org/gmane.os.apple.fink.cvs

[cvs] dists/10.3/unstable/main/finkinfo/text ghostscript-esp.info, 1.12, 1.13 ghostscript-esp.patch, 1.6, 1.7

Reply via email to