Hello community, here is the log from the commit of package ghostscript for openSUSE:Factory checked in at 2015-08-10 09:11:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghostscript (Old) and /work/SRC/openSUSE:Factory/.ghostscript.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghostscript"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes 2015-04-05 02:03:38.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new/ghostscript-mini.changes 2015-08-10 09:11:52.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Jul 29 15:20:46 CEST 2015 - jsm...@suse.de
+
+- CVE-2015-3228.patch fixes out of bound read/write cause
+ by integer overflow in gsmalloc.c (boo#939342).
+
+-------------------------------------------------------------------
ghostscript.changes: same change
New:
----
CVE-2015-3228.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghostscript-mini.spec ++++++
--- /var/tmp/diff_new_pack.ID0vvU/_old 2015-08-10 09:11:53.000000000 +0200
+++ /var/tmp/diff_new_pack.ID0vvU/_new 2015-08-10 09:11:53.000000000 +0200
@@ -76,6 +76,9 @@
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
 #
 # Patch100...Patch999 is for patches from SUSE which are not intended for upstream:
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+Patch101: CVE-2015-3228.patch
 #
 Conflicts: ghostscript
 Conflicts: ghostscript-x11
@@ -149,7 +152,10 @@
 # because LCMS 1.x is removed since Ghostscript 9.16
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
-%patch11 -p1
+%patch11 -p1 -b ppc64le-support.orig
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+%patch101 -b .CVE-2015-3228.orig
 %build
 # Set our preferred architecture-specific flags for the compiler and linker:
++++++ ghostscript.spec ++++++
--- /var/tmp/diff_new_pack.ID0vvU/_old 2015-08-10 09:11:53.000000000 +0200
+++ /var/tmp/diff_new_pack.ID0vvU/_new 2015-08-10 09:11:53.000000000 +0200
@@ -96,6 +96,9 @@
 # Source100...Source999 is for sources from SUSE which are not intended for upstream:
 #
 # Patch100...Patch999 is for patches from SUSE which are not intended for upstream:
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+Patch101: CVE-2015-3228.patch
 #
 # RPM dependencies:
 # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 from
@@ -286,7 +289,10 @@
 # because LCMS 1.x is removed since Ghostscript 9.16
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
-%patch11 -p1
+%patch11 -p1 -b ppc64le-support.orig
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+%patch101 -b .CVE-2015-3228.orig
 %build
 # Set our preferred architecture-specific flags for the compiler and linker:
++++++ CVE-2015-3228.patch ++++++
--- base/gsmalloc.c
+++ base/gsmalloc.c
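Review bot: The backup suffix on the changed `%patch11` line in the `@@ -149,7 +152,10 @@` hunk of ghostscript-mini.spec, `-b ppc64le-support.orig`, has no leading dot, unlike `-b .CVE-2015-3228.orig` three lines below it, so the suffix is appended directly to the file name; `%patch11 -p1 -b .ppc64le-support.orig` would match the other line. The same line appears in the `@@ -286,7 +289,10 @@` hunk of ghostscript.spec. The `%patch11` change is also not mentioned in the changes entry, which describes only CVE-2015-3228.patch. `%patch101` is applied without `-p`, which fits the `--- base/gsmalloc.c` header of the new patch; a short comment such as `# applied with the default strip level, paths are relative to the source root` would help whoever refreshes the patch later.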
@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname)
 } else {
 uint added = size + sizeof(gs_malloc_block_t);
- if (mmem->limit - added < mmem->used)
+ if (added <= size || mmem->limit - added < mmem->used)
 set_msg("exceeded limit");
 else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
 set_msg("failed");
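Review bot: The subtraction in `mmem->limit - added < mmem->used` is still evaluated before the comparison, so the new `added <= size` test covers the wrap of `size + sizeof(gs_malloc_block_t)` but not a request where `added` is larger than `mmem->limit`. The field types are not visible in this hunk; if `limit` is unsigned, that subtraction wraps and the request is accepted past the configured limit. Consider `if (added <= size || added > mmem->limit || mmem->limit - added < mmem->used)`, with a comment such as `/* added <= size: size + header wrapped around */` so the intent of the first test survives later edits. gs_heap_alloc_bytes starts and ends outside the hunk.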