r19964 - in /desktop/lenny/pango1.0/debian: changelog patches/22_CVE-2009-1194.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Thu May 14 07:35:05 UTC 2009
Author: joss
Date: Thu May 14 07:35:05 2009
New Revision: 19964
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=19964
Log:
* Merge changes from the 1.20.5-3+lenny1 security upload by Steffen
Joeris:
+ 22_CVE-2009-1194.patch: Fix integer overflow via long glyphstrings
(Closes: #527474)
Fixes: CVE-2009-1194
Added:
desktop/lenny/pango1.0/debian/patches/22_CVE-2009-1194.patch
Modified:
desktop/lenny/pango1.0/debian/changelog
desktop/lenny/pango1.0/debian/patches/series
Modified: desktop/lenny/pango1.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/pango1.0/debian/changelog?rev=19964&op=diff
==============================================================================
--- desktop/lenny/pango1.0/debian/changelog (original)
+++ desktop/lenny/pango1.0/debian/changelog Thu May 14 07:35:05 2009
@@ -1,3 +1,13 @@
+pango1.0 (1.20.5-5) stable; urgency=low
+
+ * Merge changes from the 1.20.5-3+lenny1 security upload by Steffen
+ Joeris:
+ + 22_CVE-2009-1194.patch: Fix integer overflow via long glyphstrings
+ (Closes: #527474)
+ Fixes: CVE-2009-1194
+
+ -- Josselin Mouette <joss at debian.org> Thu, 14 May 2009 09:33:18 +0200
+
pango1.0 (1.20.5-4) stable; urgency=low
* 21_harfbuzz_gpos.patch: backport patch from upstream to fix GPOS
Added: desktop/lenny/pango1.0/debian/patches/22_CVE-2009-1194.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/pango1.0/debian/patches/22_CVE-2009-1194.patch?rev=19964&op=file
==============================================================================
--- desktop/lenny/pango1.0/debian/patches/22_CVE-2009-1194.patch (added)
+++ desktop/lenny/pango1.0/debian/patches/22_CVE-2009-1194.patch Thu May 14 07:35:05 2009
@@ -1,0 +1,38 @@
+--- ../old/pango1.0-1.20.5/pango/glyphstring.c 2008-05-03 17:23:01.000000000 +0000
++++ pango1.0-1.20.5/pango/glyphstring.c 2009-05-09 08:35:38.000000000 +0000
+@@ -61,14 +61,29 @@
+ while (new_len > string->space)
+ {
+ if (string->space == 0)
+- string->space = 1;
++ {
++ string->space = 4;
++ }
+ else
+- string->space *= 2;
++ {
++ const guint max_space =
++ MIN (G_MAXINT, G_MAXSIZE / MAX (sizeof(PangoGlyphInfo), sizeof(gint)));
+
+- if (string->space < 0)
+- {
+- g_warning ("glyph string length overflows maximum integer size, truncated");
+- new_len = string->space = G_MAXINT - 8;
++ guint more_space = (guint)string->space * 2;
++
++ if (more_space > max_space)
++ {
++ more_space = max_space;
++
++ if ((guint)new_len > max_space)
++ {
++ g_error ("%s: failed to allocate glyph string of length %i\n",
++ G_STRLOC, new_len);
++ }
++ }
++
++ string->space = more_space;
++
+ }
+ }
+
Modified: desktop/lenny/pango1.0/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/pango1.0/debian/patches/series?rev=19964&op=diff
==============================================================================
--- desktop/lenny/pango1.0/debian/patches/series (original)
+++ desktop/lenny/pango1.0/debian/patches/series Thu May 14 07:35:05 2009
@@ -3,5 +3,6 @@
12_module-files-append-compat-module-files-d.patch
20_indic_rendering.patch
21_harfbuzz_gpos.patch
+22_CVE-2009-1194.patch
60_link-pangoxft-to-fontconfig.patch
70_automake.patch
More information about the pkg-gnome-commits
mailing list