Date: Sun, 2 Mar 2008 11:12:17 GMT From: bf <bf2006a@yahoo.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/121283: [PATCH]print/ghostscript-gpl: fix security hole in 8.61 Message-ID: <200803021112.m22BCH3W077646@www.freebsd.org> Resent-Message-ID: <200803021120.m22BK3Ua000334@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 121283 >Category: ports >Synopsis: [PATCH]print/ghostscript-gpl: fix security hole in 8.61 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Mar 02 11:20:03 UTC 2008 >Closed-Date: >Last-Modified: >Originator: bf >Release: 7.0-STABLE i386 >Organization: - >Environment: >Description: Fix CVE-2008-0411( http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0411 http://scary.beasts.org/security/CESA-2008-001.html ), using a Red Hat patch from: https://bugzilla.redhat.com/attachment.cgi?id=294020 and bump portrevision. The new version hasn't been in ports long, but I guess a vuxml entry should be added, to be on the safe side. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -ruN ghostscript-gpl.orig/Makefile.inc ghostscript-gpl/Makefile.inc --- ghostscript-gpl.orig/Makefile.inc 2008-03-02 05:35:02.974196911 -0500 +++ ghostscript-gpl/Makefile.inc 2008-03-02 06:10:09.734862303 -0500 @@ -1,5 +1,5 @@ # $FreeBSD: ports/print/ghostscript-gpl/Makefile.inc,v 1.25 2008/03/01 11:07:51 rafan Exp $ GS_VERSION= 8.61 -GS_REVISION= 1 +GS_REVISION= 2 GS_EPOCH= 0 diff -ruN ghostscript-gpl.orig/files/patch-src:zicc.c ghostscript-gpl/files/patch-src:zicc.c --- ghostscript-gpl.orig/files/patch-src:zicc.c 1969-12-31 19:00:00.000000000 -0500 +++ ghostscript-gpl/files/patch-src:zicc.c 2008-03-02 02:36:37.076258881 -0500 @@ -0,0 +1,12 @@ +--- src/zicc.c ++++ src/zicc.c 2008-02-05 16:11:59.000000000 +0000 +@@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p) + dict_find_string(op, "N", &pnval); + ncomps = pnval->value.intval; + ++ if (2*ncomps > sizeof(range_buff)/sizeof(float)) ++ return_error(e_rangecheck); ++ + /* verify the DataSource entry */ + if (dict_find_string(op, "DataSource", &pstrmval) <= 0) + return_error(e_undefined); >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803021112.m22BCH3W077646>