rev 7245 - in trunk/packages/kdegraphics/debian: . patches
Ana Beatriz Guerrero López
ana at alioth.debian.org
Wed Sep 26 20:05:46 UTC 2007
Author: ana
Date: 2007-09-26 20:05:46 +0000 (Wed, 26 Sep 2007)
New Revision: 7245
Added:
trunk/packages/kdegraphics/debian/patches/21_CVE-2007-5049.diff
Modified:
trunk/packages/kdegraphics/debian/changelog
trunk/packages/kdegraphics/debian/kcoloredit.menu
trunk/packages/kdegraphics/debian/kdvi.menu
trunk/packages/kdegraphics/debian/kfax.menu
trunk/packages/kdegraphics/debian/kfaxview.menu
trunk/packages/kdegraphics/debian/kghostview.menu
trunk/packages/kdegraphics/debian/kiconedit.menu
trunk/packages/kdegraphics/debian/kolourpaint.menu
trunk/packages/kdegraphics/debian/kooka.menu
trunk/packages/kdegraphics/debian/kpdf.menu
trunk/packages/kdegraphics/debian/kpovmodeler.menu
trunk/packages/kdegraphics/debian/kruler.menu
trunk/packages/kdegraphics/debian/ksnapshot.menu
trunk/packages/kdegraphics/debian/kuickshow.menu
trunk/packages/kdegraphics/debian/kview.menu
Log:
* Patch for stack-based buffer overflow in the StreamPredictor::getNextLine
function in xpdf that might allow remote attackers to execute arbitrary code
via a crafted PDF file. CVE-2007-5049. (Closes: #444015)
* Update section in Debian menu files. Thanks to Yann Dirson for
suggestions. (Closes: #435120)
Modified: trunk/packages/kdegraphics/debian/changelog
===================================================================
--- trunk/packages/kdegraphics/debian/changelog 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/changelog 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,3 +1,14 @@
+kdegraphics (4:3.5.7-4) unstable; urgency=high
+
+ * Patch for stack-based buffer overflow in the StreamPredictor::getNextLine
+ function in xpd that might allow remote attackers to execute arbitrary code
+ via a crafted PDF file. CVE-2007-504. (Closes: #444015)
+
+ * Update section in Debian menu files. Thanks to Yann Dirson for
+ suggestions. (Closes: #435120)
+
+ -- Ana Beatriz Guerrero Lopez <ana at debian.org> Wed, 26 Sep 2007 11:15:28 +0200
+
kdegraphics (4:3.5.7-3) unstable; urgency=high
* Implement use of uploaders.mk and update uploaders.
Modified: trunk/packages/kdegraphics/debian/kcoloredit.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kcoloredit.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kcoloredit.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kcoloredit):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Graphics"\
hints="KDE"\
title="KColorChooser"\
icon32x32="/usr/share/pixmaps/kcolorchooser.xpm"\
@@ -9,7 +9,7 @@
?package(kcoloredit):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Graphics"\
hints="KDE"\
title="KColorEdit"\
icon32x32="/usr/share/pixmaps/kcoloredit.xpm"\
Modified: trunk/packages/kdegraphics/debian/kdvi.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kdvi.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kdvi.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kdvi):\
needs="X11"\
- section="Apps/Viewers"\
+ section="Applications/Viewers"\
hints="KDE,DVI,Documents"\
title="KDVI"\
icon32x32="/usr/share/pixmaps/kdvi.xpm"\
Modified: trunk/packages/kdegraphics/debian/kfax.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kfax.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kfax.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kfax):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Viewers"\
hints="KDE"\
title="KFax"\
icon32x32="/usr/share/pixmaps/kfax.xpm"\
Modified: trunk/packages/kdegraphics/debian/kfaxview.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kfaxview.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kfaxview.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kfaxview):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Viewers"\
hints="KDE"\
title="KFaxView"\
icon32x32="/usr/share/pixmaps/kfaxview.xpm"\
Modified: trunk/packages/kdegraphics/debian/kghostview.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kghostview.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kghostview.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kghostview):\
needs="X11"\
- section="Apps/Viewers"\
+ section="Applications/Viewers"\
hints="KDE,Documents"\
title="KGhostView"\
icon32x32="/usr/share/pixmaps/kghostview.xpm"\
Modified: trunk/packages/kdegraphics/debian/kiconedit.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kiconedit.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kiconedit.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kiconedit):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Graphics"\
hints="KDE"\
title="KIconEdit"\
icon32x32="/usr/share/pixmaps/kiconedit.xpm"\
Modified: trunk/packages/kdegraphics/debian/kolourpaint.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kolourpaint.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kolourpaint.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kolourpaint):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Graphics"\
hints="KDE"\
title="KolourPaint"\
icon32x32="/usr/share/pixmaps/kolourpaint.xpm"\
Modified: trunk/packages/kdegraphics/debian/kooka.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kooka.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kooka.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kooka):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Graphics"\
hints="KDE"\
title="Kooka"\
icon32x32="/usr/share/pixmaps/kooka.xpm"\
Modified: trunk/packages/kdegraphics/debian/kpdf.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kpdf.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kpdf.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kpdf):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Viewers"\
hints="KDE"\
title="KPDF"\
icon32x32="/usr/share/pixmaps/kpdf.xpm"\
Modified: trunk/packages/kdegraphics/debian/kpovmodeler.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kpovmodeler.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kpovmodeler.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kpovmodeler):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Graphics"\
hints="KDE,Modeler"\
title="KPovModeler"\
icon32x32="/usr/share/pixmaps/kpovmodeler.xpm"\
Modified: trunk/packages/kdegraphics/debian/kruler.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kruler.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kruler.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kruler):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Viewers"\
hints="KDE"\
title="KRuler"\
icon32x32="/usr/share/pixmaps/kruler.xpm"\
Modified: trunk/packages/kdegraphics/debian/ksnapshot.menu
===================================================================
--- trunk/packages/kdegraphics/debian/ksnapshot.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/ksnapshot.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(ksnapshot):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Graphics"\
hints="KDE"\
title="KSnapshot"\
icon32x32="/usr/share/pixmaps/ksnapshot.xpm"\
Modified: trunk/packages/kdegraphics/debian/kuickshow.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kuickshow.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kuickshow.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kuickshow):\
needs="X11"\
- section="Apps/Graphics"\
+ section="Applications/Viewers"\
hints="KDE"\
title="Kuickshow"\
icon32x32="/usr/share/pixmaps/kuickshow.xpm"\
Modified: trunk/packages/kdegraphics/debian/kview.menu
===================================================================
--- trunk/packages/kdegraphics/debian/kview.menu 2007-09-26 19:44:24 UTC (rev 7244)
+++ trunk/packages/kdegraphics/debian/kview.menu 2007-09-26 20:05:46 UTC (rev 7245)
@@ -1,6 +1,6 @@
?package(kview):\
needs="X11"\
- section="Apps/Viewers"\
+ section="Applications/Viewers"\
hints="KDE,Images"\
title="KView"\
icon32x32="/usr/share/pixmaps/kview.xpm"\
Added: trunk/packages/kdegraphics/debian/patches/21_CVE-2007-5049.diff
===================================================================
--- trunk/packages/kdegraphics/debian/patches/21_CVE-2007-5049.diff (rev 0)
+++ trunk/packages/kdegraphics/debian/patches/21_CVE-2007-5049.diff 2007-09-26 20:05:46 UTC (rev 7245)
@@ -0,0 +1,22 @@
+--- kpdf/xpdf/xpdf/Stream.cc.patchedA 2007-09-26 21:50:45.000000000 +0200
++++ kpdf/xpdf/xpdf/Stream.cc 2007-09-26 22:01:18.000000000 +0200
+@@ -410,15 +410,12 @@
+ ok = gFalse;
+
+ nVals = width * nComps;
+- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+- nComps > gfxColorMaxComps || nBits > 16 ||
+- width >= INT_MAX / nComps ||
+- nVals >= (INT_MAX - 7) / nBits) {
+- return;
+- }
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+- if (rowBytes <= 0) {
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps > gfxColorMaxComps || nBits > 16 ||
++ width >= INT_MAX / nComps || // check for overflow in nVals
++ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+ return;
+ }
+ predLine = (Guchar *)gmalloc(rowBytes);
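Review bot: In the embedded Stream.cc hunk, `nVals = width * nComps`, `pixBytes` and `rowBytes` are all computed before the range guard, so for the oversized values a crafted PDF can supply, the signed multiplications overflow (undefined behaviour in C++) before the check that is meant to reject them has run. The guard only needs `width`, `nComps` and `nBits` for its first clauses, so I would put the `if (...) { return; }` first and move `nVals = width * nComps;`, `pixBytes = (nComps * nBits + 7) >> 3;` and `rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;` below it, directly before the `gmalloc(rowBytes)` call. The new guard has the same clauses as the removed one and the `rowBytes <= 0` test is dropped, which looks safe only if the guard's bounds keep `rowBytes` positive; a comment such as `// rowBytes > 0 is implied by the bounds above` would record that assumption. The constructor starts and ends outside the hunk, so how `ok` and `predLine` are used after an early return is not visible here.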