Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

as asked by the security team, I've updated src:okular from stable using s-p-u (instead of DSA) to fix CVE-2010-2575, released and fixed upstream today.

Attached there is the debdiff of the update.

Thanks,
-- 
Pino Toscano

diff -u okular-0.7/debian/changelog okular-0.7/debian/changelog --- okular-0.7/debian/changelog +++ okular-0.7/debian/changelog @@ -1,3 +1,10 @@ +okular (0.7-2+lenny1) stable; urgency=low + + * New patch CVE-2010-2575.diff: + + Taken from upstream r1167825 to fix CVE-2010-2575. + + -- Pino Toscano <p...@kde.org> Wed, 25 Aug 2010 15:52:12 +0200 + okular (0.7-2) unstable; urgency=low * New patch 11_r839617_printpreview.diff: diff -u okular-0.7/debian/patches/series okular-0.7/debian/patches/series --- okular-0.7/debian/patches/series +++ okular-0.7/debian/patches/series @@ -3,0 +4 @@ +CVE-2010-2575.diff only in patch2: unchanged: --- okular-0.7.orig/debian/patches/CVE-2010-2575.diff +++ okular-0.7/debian/patches/CVE-2010-2575.diff @@ -0,0 +1,30 @@ +Index: kdegraphics/okular/generators/plucker/unpluck/image.cpp +=================================================================== +--- kdegraphics/okular/generators/plucker/unpluck/image.cpp (revision 1167824) ++++ kdegraphics/okular/generators/plucker/unpluck/image.cpp (revision 1167825) +@@ -289,8 +289,23 @@ + for (j = 0; j < bytes_per_row;) { + incount = *palm_ptr++; + inval = *palm_ptr++; +- memset (rowbuf + j, inval, incount); +- j += incount; ++ if (incount + j <= bytes_per_row * width) ++ { ++ memset (rowbuf + j, inval, incount); ++ j += incount; ++ } ++ else ++ { ++ free (rowbuf); ++ free (lastrow); ++ free (jpeg_row); ++ ++ jpeg_destroy_compress (&cinfo); ++ ++ fclose( outfile ); ++ ++ return false; ++ } + } + } + else if ((flags & PALM_IS_COMPRESSED_FLAG)
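
Review bot: The debian/changelog entry for 0.7-2+lenny1 names only the CVE id and upstream r1167825, so a reader of the changelog cannot tell what is being fixed. Since the patch touches generators/plucker/unpluck/image.cpp, a short line saying the fix is in the Plucker generator's image decompression loop would make the entry self-explanatory. It is also worth confirming that urgency=low is intended for an upload whose only change is a CVE fix.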
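
Review bot: In the image.cpp hunk (@@ -289,8 +289,23 @@), the new guard `if (incount + j <= bytes_per_row * width)` uses a larger bound than the enclosing loop condition `j < bytes_per_row`, and the allocation of rowbuf is not visible in the hunk. Please confirm rowbuf is at least bytes_per_row * width bytes; if it holds a single row, the guard should compare against bytes_per_row, otherwise the memset can still write past the buffer. Separately, the two `*palm_ptr++` reads above the guard are not checked against the end of the input data, and an incount of 0 leaves j unchanged while palm_ptr keeps advancing, so the loop can read beyond the input; a remaining-length check before those reads would cover that. The else branch repeats the cleanup calls (three free() calls, jpeg_destroy_compress, fclose) inline, which would be easier to keep in sync with the function's other exits as a single shared error path.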