Hello community, here is the log from the commit of package evince for openSUSE:11.2 checked in at Mon Feb 21 18:09:26 CET 2011.
-------- --- old-versions/11.2/UPDATES/all/evince/evince.changes 2011-01-05 09:08:00.000000000 +0100 +++ 11.2/evince/evince.changes 2011-02-17 15:29:37.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Feb 17 15:29:37 CET 2011 - [email protected] + +- Add evince-dvi-vulnerability-again.patch to fix another + vulnerability in the DVI backend. Fix bnc#671064. + +------------------------------------------------------------------- calling whatdependson for 11.2-i586 New: ---- evince-dvi-vulnerability-again.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ evince.spec ++++++ --- /var/tmp/diff_new_pack.kGrKSa/_old 2011-02-21 18:09:18.000000000 +0100 +++ /var/tmp/diff_new_pack.kGrKSa/_new 2011-02-21 18:09:18.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package evince (Version 2.28.2) +# spec file for package evince # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -40,7 +40,7 @@ BuildRequires: translation-update-upstream BuildRequires: update-desktop-files Version: 2.28.2 -Release: 0.<RELEASE2> +Release: 0.<RELEASE5> Url: http://www.gnome.org/projects/evince/ Group: Productivity/Office/Other License: GPLv2+ @@ -48,6 +48,8 @@ Source: ftp://ftp.gnome.org/pub/GNOME/sources/%{name}/0.4/%{name}-%{version}.tar.bz2 # PATCH-FIX-UPSTREAM evince-dvi-vulnerabilities.patch [email protected] -- CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643 Patch0: evince-dvi-vulnerabilities.patch +# PATCH-FIX-UPSTREAM evince-dvi-vulnerability-again.patch bgo#640923 bnc#671064 [email protected] -- Fix an issue similar to one fixed in evince-dvi-vulnerabilities.patch +Patch1: evince-dvi-vulnerability-again.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: %{name}-lang = %{version} # For the comics backend 
@@ -103,6 +105,7 @@ %setup -q translation-update-upstream %patch0 -p1 +%patch1 -p1 %build %configure --disable-static --with-pic\ ++++++ evince-dvi-vulnerability-again.patch ++++++ commit 439c5070022eab6cef7266aab47f978058012c72 Author: Vincent Untz <[email protected]> Date: Thu Feb 17 15:23:39 2011 +0100 backends: Fix another security issue in the dvi-backend This is similar to one of the fixes from d4139205. https://bugzilla.gnome.org/show_bug.cgi?id=640923 diff --git a/backend/dvi/mdvi-lib/afmparse.c b/backend/dvi/mdvi-lib/afmparse.c index 361e23d..e1cd115 100644 --- a/backend/dvi/mdvi-lib/afmparse.c +++ b/backend/dvi/mdvi-lib/afmparse.c @@ -190,7 +190,7 @@ static char *linetoken(FILE *stream) while ((ch = fgetc(stream)) == ' ' || ch == '\t' ); idx = 0; - while (ch != EOF && ch != lineterm) + while (ch != EOF && ch != lineterm && idx < MAX_NAME) { ident[idx++] = ch; ch = fgetc(stream); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
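Review bot: In the afmparse.c hunk (linetoken, @@ -190,7 +190,7 @@), the new bound `idx < MAX_NAME` still lets idx equal MAX_NAME when the loop stops on an overlong line, so a terminator stored at ident[idx] after the loop would land one element past a buffer of MAX_NAME bytes. Neither the declaration of ident nor the code after the loop is visible in this hunk, so confirm the buffer size, or use `idx < MAX_NAME - 1` to reserve room for the NUL. A second point on the same line: when the loop exits on the length limit instead of on lineterm or EOF, the remainder of the line stays unread in the stream and the next read will pick it up as if it were fresh input. Draining up to lineterm, or treating an overlong line as a parse error, would make truncation explicit instead of silent.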
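Review bot: In the evince.spec hunk at @@ -48,6 +48,8 @@, the tag comment for Patch1 only says the fix is "similar to one fixed in evince-dvi-vulnerabilities.patch", which has four CVE ids listed next to it, so a reader cannot tell which of them this resembles or what is affected. Suggest naming the function and bug class in the comment (the unbounded write to ident in linetoken() in backend/dvi/mdvi-lib/afmparse.c), and adding the CVE id next to bgo#640923 and bnc#671064 if one is assigned, to match the Patch0 line.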
