r49721 - in /desktop/jessie/eog/debian: changelog patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch patches/series
rbalint at users.alioth.debian.org
Sat Aug 27 21:09:12 UTC 2016
Author: rbalint
Date: Sat Aug 27 21:09:12 2016
New Revision: 49721
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=49721
Log:
Add fix to eog for CVE-2016-6855
Added:
desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch
Modified:
desktop/jessie/eog/debian/changelog
desktop/jessie/eog/debian/patches/series
Modified: desktop/jessie/eog/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/jessie/eog/debian/changelog?rev=49721&op=diff
==============================================================================
--- desktop/jessie/eog/debian/changelog [utf-8] (original)
+++ desktop/jessie/eog/debian/changelog [utf-8] Sat Aug 27 21:09:12 2016
@@ -1,3 +1,10 @@
+eog (3.14.1-1+deb8u1) UNRELEASED; urgency=medium
+
+ * Make sure error messages are valid UTF8. This fixes out-of-bounds
+ write when passing invalid UTF-8 to GMarkup (CVE-2016-6855)
+
+ -- Balint Reczey <balint at balintreczey.hu> Sat, 27 Aug 2016 22:21:00 +0200
+
eog (3.14.1-1) unstable; urgency=medium
* New upstream release.
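Review bot: the first line of the new entry still has the distribution set to UNRELEASED, which is fine while the change is in progress but has to become the target suite before a +deb8u1 upload. The description also attributes the out-of-bounds write to GMarkup in general, while the upstream commit message carried in this same revision limits it to glib before 2.44.1; stating that here and citing the upstream bug (https://bugzilla.gnome.org/show_bug.cgi?id=770143) would make the entry self-contained. The entry also mixes "UTF8" and "UTF-8".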
Added: desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch?rev=49721&op=file
==============================================================================
--- desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch (added)
+++ desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch [utf-8] Sat Aug 27 21:09:12 2016
@@ -0,0 +1,47 @@
+From e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4 Mon Sep 17 00:00:00 2001
+From: Felix Riemann <friemann at gnome.org>
+Date: Sun, 21 Aug 2016 15:56:46 +0200
+Subject: [PATCH] EogErrorMessageArea: Make sure error messages are valid UTF8
+
+GMarkup requires valid UTF8 input strings and would cause odd
+looking messages if given invalid input. This could also trigger an
+out-of-bounds write in glib before 2.44.1. Reported by kaslovdmitri.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=770143
+---
+ src/eog-error-message-area.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/eog-error-message-area.c b/src/eog-error-message-area.c
+index 22de7b1..938ba96 100644
+--- a/src/eog-error-message-area.c
++++ b/src/eog-error-message-area.c
+@@ -28,6 +28,7 @@
+
+ #include "eog-error-message-area.h"
+ #include "eog-image.h"
++#include "eog-util.h"
+
+ #include <glib.h>
+ #include <glib/gi18n.h>
+@@ -218,7 +219,7 @@ eog_image_load_error_message_area_new (const gchar *caption,
+ error_message = g_strdup_printf (_("Could not load image '%s'."),
+ pango_escaped_caption);
+
+- message_details = g_strdup (error->message);
++ message_details = eog_util_make_valid_utf8 (error->message);
+
+ message_area = create_error_message_area (error_message,
+ message_details,
+@@ -260,7 +261,7 @@ eog_image_save_error_message_area_new (const gchar *caption,
+ error_message = g_strdup_printf (_("Could not save image '%s'."),
+ pango_escaped_caption);
+
+- message_details = g_strdup (error->message);
++ message_details = eog_util_make_valid_utf8 (error->message);
+
+ message_area = create_error_message_area (error_message,
+ message_details,
+--
+2.1.4
+
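Review bot: both replaced lines, in eog_image_load_error_message_area_new and eog_image_save_error_message_area_new, call eog_util_make_valid_utf8, but nothing in this patch adds that helper, so the backport relies on eog-util.h in 3.14.1 already declaring it. Please confirm the function exists in the jessie source, or carry it in this patch. Because the call replaces g_strdup (error->message), it also has to return a newly allocated string that whatever frees message_details later in these functions (not visible in the hunk) can release. An Origin: line naming upstream commit e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4 would make the patch easier to track.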
Modified: desktop/jessie/eog/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/jessie/eog/debian/patches/series?rev=49721&op=diff
==============================================================================
--- desktop/jessie/eog/debian/patches/series [utf-8] (original)
+++ desktop/jessie/eog/debian/patches/series [utf-8] Sat Aug 27 21:09:12 2016
@@ -0,0 +1 @@
+0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch