/[packages]/updates/6/gimp/current/SOURCES/790783-buffer-overread-in-XCF-parser-if-version-fiel.patch
ViewVC logotype

Contents of /updates/6/gimp/current/SOURCES/790783-buffer-overread-in-XCF-parser-if-version-fiel.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1188361 - (show annotations) (download)
Sun Dec 31 16:02:54 2017 UTC (6 years, 2 months ago) by luigiwalser
File size: 1012 byte(s)
add patches from debian to fix CVE-2017-1778[4-9]
1 From: Hanno Boeck <hanno@hboeck.de>
2 Date: Mon, 27 Nov 2017 00:37:29 +0100
3 Subject: 790783 - buffer overread in XCF parser if version field...
4 Origin: https://git.gnome.org/browse/GIMP/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126
5 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17788
6 Bug-Debian: https://bugs.debian.org/885347
7 Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790783
8
9 ...has no null terminator
10
11 Check for the presence of '\0' before using atoi() on the version
12 string. Patch slightly modified (mitch).
13 [carnil: backport to gimp-2-8: affected code in xcf_load_invoker]
14 ---
15 app/xcf/xcf.c | 3 ++-
16 1 file changed, 2 insertions(+), 1 deletion(-)
17
18 --- a/app/xcf/xcf.c
19 +++ b/app/xcf/xcf.c
20 @@ -318,7 +318,8 @@ xcf_load_invoker (GimpProcedure *pr
21 {
22 info.file_version = 0;
23 }
24 - else if (id[9] == 'v')
25 + else if (id[9] == 'v' &&
26 + id[13] == '\0')
27 {
28 info.file_version = atoi (id + 10);
29 }

  ViewVC Help
Powered by ViewVC 1.1.30