From 8fa8ea6a1c29a8a743925013bad61e6bc1421809 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Dec 03 2008 12:53:39 +0000 Subject: - Applied patch to fix STR #2974 (bug #473905, CVE-2008-5286, CVE-2008-1722). --- diff --git a/cups-CVE-2008-5286.patch b/cups-CVE-2008-5286.patch new file mode 100644 index 0000000..285df0b --- /dev/null +++ b/cups-CVE-2008-5286.patch @@ -0,0 +1,21 @@ +diff -up cups-1.3.9/filter/image-png.c.CVE-2008-5286 cups-1.3.9/filter/image-png.c +--- cups-1.3.9/filter/image-png.c.CVE-2008-5286 2008-07-11 23:48:49.000000000 +0100 ++++ cups-1.3.9/filter/image-png.c 2008-12-03 12:23:14.000000000 +0000 +@@ -178,7 +178,7 @@ _cupsImageReadPNG( + { + bufsize = img->xsize * img->ysize; + +- if ((bufsize / img->ysize) != img->xsize) ++ if ((bufsize / img->xsize) != img->ysize) + { + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", + (unsigned)width, (unsigned)height); +@@ -190,7 +190,7 @@ _cupsImageReadPNG( + { + bufsize = img->xsize * img->ysize * 3; + +- if ((bufsize / (img->ysize * 3)) != img->xsize) ++ if ((bufsize / (img->xsize * 3)) != img->ysize) + { + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", + (unsigned)width, (unsigned)height); diff --git a/cups.spec b/cups.spec index 5dca24f..39800d3 100644 --- a/cups.spec +++ b/cups.spec @@ -47,6 +47,7 @@ Patch21: cups-driverd-timeout.patch Patch22: cups-strict-ppd-line-length.patch Patch25: cups-usb-paperout.patch Patch26: cups-CVE-2008-5183.patch +Patch27: cups-CVE-2008-5286.patch Patch100: cups-lspp.patch Epoch: 1 Url: http://www.cups.org/ @@ -161,6 +162,7 @@ lpd emulation. %patch22 -p1 -b .strict-ppd-line-length %patch25 -p1 -b .usb-paperout %patch26 -p1 -b .CVE-2008-5183 +%patch27 -p1 -b .CVE-2008-5286 %if %lspp %patch100 -p1 -b .lspp @@ -455,6 +457,8 @@ rm -rf $RPM_BUILD_ROOT %changelog * Wed Dec 3 2008 Tim Waugh +- Applied patch to fix STR #2974 (bug #473905, CVE-2008-5286, + CVE-2008-1722). - Applied patch to fix RSS subscription limiting (bug #473901, CVE-2008-5183).