Hello community,

here is the log from the commit of package optipng for openSUSE:Factory checked 
in at 2017-11-27 22:18:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/optipng (Old)
 and      /work/SRC/openSUSE:Factory/.optipng.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "optipng"

Mon Nov 27 22:18:21 2017 rev:35 rq:545849 version:0.7.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/optipng/optipng.changes  2017-11-20 
17:07:28.949252300 +0100
+++ /work/SRC/openSUSE:Factory/.optipng.new/optipng.changes     2017-11-27 
22:18:31.458388237 +0100
@@ -1,0 +2,7 @@
+Mon Nov 27 08:19:44 UTC 2017 - pgaj...@suse.com
+
+- security update:
+  * CVE-2017-16938 [bsc#1069774]
+    + optipng-CVE-2017-16938.patch
+
+-------------------------------------------------------------------

New:
----
  optipng-CVE-2017-16938.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ optipng.spec ++++++
--- /var/tmp/diff_new_pack.uXgLU7/_old  2017-11-27 22:18:32.290358041 +0100
+++ /var/tmp/diff_new_pack.uXgLU7/_new  2017-11-27 22:18:32.290358041 +0100
@@ -26,6 +26,7 @@
 Source0:        
http://downloads.sourceforge.net/project/optipng/OptiPNG/optipng-%{version}/optipng-%{version}.tar.gz
 Source1:        macros.optipng
 Patch0:         optipng-CVE-2017-1000229.patch
+Patch1:         optipng-CVE-2017-16938.patch
 BuildRequires:  libpng-devel
 BuildRequires:  zlib-devel
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -39,6 +40,7 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 # not autotools generated configure

++++++ optipng-CVE-2017-16938.patch ++++++
--- a/src/gifread/gifread.c
+++ b/src/gifread/gifread.c
@@ -499,6 +499,8 @@ static int LZWReadByte(int init_flag, int input_code_size, 
FILE *stream)
             *sp++ = table[1][code];
             if (code == table[0][code])
                 GIFError("GIF/LZW error: circular table entry");
+            if ((size_t)(sp - stack) >= sizeof(stack) / sizeof(stack[0]))
+                GIFError("GIF/LZW error: circular table");
             code = table[0][code];
         }



Reply via email to