Hello community,

here is the log from the commit of package ghostscript for openSUSE:Factory 
checked in at 2015-08-10 09:11:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghostscript (Old)
 and      /work/SRC/openSUSE:Factory/.ghostscript.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ghostscript"

Changes:
--------
--- /work/SRC/openSUSE:Factory/ghostscript/ghostscript-mini.changes     
2015-04-05 02:03:38.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ghostscript.new/ghostscript-mini.changes        
2015-08-10 09:11:52.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Jul 29 15:20:46 CEST 2015 - jsm...@suse.de
+
+- CVE-2015-3228.patch fixes out of bound read/write cause
+  by integer overflow in gsmalloc.c (boo#939342).
+
+-------------------------------------------------------------------
ghostscript.changes: same change

New:
----
  CVE-2015-3228.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ghostscript-mini.spec ++++++
--- /var/tmp/diff_new_pack.ID0vvU/_old  2015-08-10 09:11:53.000000000 +0200
+++ /var/tmp/diff_new_pack.ID0vvU/_new  2015-08-10 09:11:53.000000000 +0200
@@ -76,6 +76,9 @@
 # Source100...Source999 is for sources from SUSE which are not intended for 
upstream:
 #
 # Patch100...Patch999 is for patches from SUSE which are not intended for 
upstream:
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer 
overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+Patch101:       CVE-2015-3228.patch
 #
 Conflicts:      ghostscript
 Conflicts:      ghostscript-x11
@@ -149,7 +152,10 @@
 # because LCMS 1.x is removed since Ghostscript 9.16
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
-%patch11 -p1
+%patch11 -p1 -b ppc64le-support.orig
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer 
overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+%patch101 -b .CVE-2015-3228.orig
 
 %build
 # Set our preferred architecture-specific flags for the compiler and linker:
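Review bot: The backup suffix on the changed `%patch11` line has no leading dot, so the saved original would be named like `lcms2.hppc64le-support.orig` instead of `lcms2.h.ppc64le-support.orig`; `%patch11 -p1 -b .ppc64le-support.orig` would match the `.CVE-2015-3228.orig` form used on the `%patch101` line below it. The same line appears in the ghostscript.spec hunk at `@@ -286,7 +289,10 @@`. `%patch101` is given no strip level, which appears to rely on the default matching the `base/gsmalloc.c` paths in the patch; writing `-p0` explicitly would make that dependency visible. The `%prep` section this hunk belongs to starts outside the hunk.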

++++++ ghostscript.spec ++++++
--- /var/tmp/diff_new_pack.ID0vvU/_old  2015-08-10 09:11:53.000000000 +0200
+++ /var/tmp/diff_new_pack.ID0vvU/_new  2015-08-10 09:11:53.000000000 +0200
@@ -96,6 +96,9 @@
 # Source100...Source999 is for sources from SUSE which are not intended for 
upstream:
 #
 # Patch100...Patch999 is for patches from SUSE which are not intended for 
upstream:
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer 
overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+Patch101:       CVE-2015-3228.patch
 #
 # RPM dependencies:
 # Additional RPM Provides of the ghostscript-library packages in openSUSE 11.4 
from
@@ -286,7 +289,10 @@
 # because LCMS 1.x is removed since Ghostscript 9.16
 # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed
 # see http://bugs.ghostscript.com/show_bug.cgi?id=695544
-%patch11 -p1
+%patch11 -p1 -b ppc64le-support.orig
+# Patch101 CVE-2015-3228.patch fixes out of bound read/write cause by integer 
overflow
+# in gsmalloc.c (see https://bugzilla.opensuse.org/show_bug.cgi?id=939342):
+%patch101 -b .CVE-2015-3228.orig
 
 %build
 # Set our preferred architecture-specific flags for the compiler and linker:

++++++ CVE-2015-3228.patch ++++++
--- base/gsmalloc.c
+++ base/gsmalloc.c
@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, 
client_name_t cname)
     } else {
         uint added = size + sizeof(gs_malloc_block_t);
 
-        if (mmem->limit - added < mmem->used)
+        if (added <= size || mmem->limit - added < mmem->used)
             set_msg("exceeded limit");
         else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0)
             set_msg("failed");
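Review bot: The added `added <= size` test catches wrap-around of `size + sizeof(gs_malloc_block_t)`, but the second operand `mmem->limit - added` can itself wrap if `limit` is an unsigned type and `added` is larger than it; the declaration of `limit` is not visible here, so this needs confirming. If it is unsigned, `if (added <= size || added > mmem->limit || mmem->limit - added < mmem->used)` closes that case, unless the condition guarding the `else` branch, which lies outside the hunk, already excludes it. A short comment such as `/* added <= size: the uint addition wrapped */` would record why the comparison is there, since the "exceeded limit" message does not distinguish an overflowed request from a genuine limit hit.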
