Hello community, here is the log from the commit of package freerdp for openSUSE:Factory checked in at 2014-06-25 15:24:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/freerdp (Old) and /work/SRC/openSUSE:Factory/.freerdp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freerdp" Changes: -------- --- /work/SRC/openSUSE:Factory/freerdp/freerdp.changes 2014-06-19 13:19:54.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.freerdp.new/freerdp.changes 2014-06-25 15:24:23.000000000 +0200 @@ -1,0 +2,7 @@ +Mon Jun 23 03:05:37 UTC 2014 - fezh...@suse.com + +- Add freerdp-CVE-2014-0791.patch to fix bnc#857491 + backported from upstream commit: + https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45 + +------------------------------------------------------------------- New: ---- freerdp-CVE-2014-0791.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freerdp.spec ++++++ --- /var/tmp/diff_new_pack.UJBAJ7/_old 2014-06-25 15:24:24.000000000 +0200 +++ /var/tmp/diff_new_pack.UJBAJ7/_new 2014-06-25 15:24:24.000000000 +0200 @@ -35,6 +35,7 @@ Patch5: freerdp_branch-1.0.x_fix-kpdivide-issue831.patch # PATCH-FIX-UPSTREAM freerdp-CVE-2014-0250.patch bnc#880317 dli...@suse.com - backport from upstream Patch6: freerdp-CVE-2014-0250.patch +Patch7: freerdp-CVE-2014-0791.patch BuildRequires: alsa-devel BuildRequires: cmake BuildRequires: cups-devel @@ -86,6 +87,7 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 # use a versioned subdirectory for plugins in order to comply with the shared # library policy ed -s CMakeLists.txt 2>/dev/null <<'EOF' ++++++ freerdp-CVE-2014-0791.patch ++++++ >From 5253b9e27a2de48564f9b41eb3643a8edf11afe9 Mon Sep 17 00:00:00 2001 From: Felix Zhang <fezh...@suse.com> Date: Mon, 23 Jun 2014 12:57:55 +0800 Subject: [PATCH] CVE-2014-0791 --- libfreerdp-core/license.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libfreerdp-core/license.c b/libfreerdp-core/license.c index 60b9f93..2425ddc 100644 --- a/libfreerdp-core/license.c +++ b/libfreerdp-core/license.c @@ -539,6 +539,8 @@ void license_read_scope_list(STREAM* s, SCOPE_LIST* scopeList) uint32 scopeCount; stream_read_uint32(s, scopeCount); /* ScopeCount (4 bytes) */ + if (scopeCount > stream_get_left(s) / 4) /* every blob is at least 4 bytes */ + return; scopeList->count = scopeCount; scopeList->array = (LICENSE_BLOB*) xmalloc(sizeof(LICENSE_BLOB) * scopeCount); -- 1.7.12.4 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org