r22663 - in /desktop/etch/pango1.0/debian: changelog patches/CVE-2009-1194.patch patches/series

joss at users.alioth.debian.org joss at users.alioth.debian.org
Mon Dec 21 20:18:45 UTC 2009


Author: joss
Date: Mon Dec 21 20:18:44 2009
New Revision: 22663

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=22663
Log:
* Non-maintainer upload by the security team
* Fix integer overflow via long glyphstrings (Closes: #527474)
  Fixes: CVE-2009-1194

Added:
    desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch
Modified:
    desktop/etch/pango1.0/debian/changelog
    desktop/etch/pango1.0/debian/patches/series

Modified: desktop/etch/pango1.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/etch/pango1.0/debian/changelog?rev=22663&op=diff
==============================================================================
--- desktop/etch/pango1.0/debian/changelog [utf-8] (original)
+++ desktop/etch/pango1.0/debian/changelog [utf-8] Mon Dec 21 20:18:44 2009
@@ -1,3 +1,11 @@
+pango1.0 (1.14.8-5+etch1) oldstable-security; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix integer overflow via long glyphstrings (Closes: #527474)
+    Fixes: CVE-2009-1194
+
+ -- Steffen Joeris <white at debian.org>  Sat, 09 May 2009 10:51:06 +0200
+
 pango1.0 (1.14.8-5) unstable; urgency=low
 
   * Use /usr/lib/$(DEB_HOST_GNU_TYPE) instead of /usr/$(DEB_HOST_GNU_TYPE)/lib

Added: desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch?rev=22663&op=file
==============================================================================
--- desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch (added)
+++ desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch [utf-8] Mon Dec 21 20:18:44 2009
@@ -1,0 +1,37 @@
+--- ../old/pango1.0-1.14.8/pango/glyphstring.c	2006-07-09 00:15:32.000000000 +0200
++++ pango1.0-1.14.8/pango/glyphstring.c	2009-05-09 10:50:05.000000000 +0200
+@@ -61,14 +61,28 @@
+   while (new_len > string->space)
+     {
+       if (string->space == 0)
+-        string->space = 1;
++		{
++        	string->space = 4;
++		}
+       else
+-        string->space *= 2;
+-      
+-      if (string->space < 0)
+         {
+-	  g_warning ("glyph string length overflows maximum integer size, truncated");
+-	  new_len = string->space = G_MAXINT - 8;
++          const guint max_space =
++       MIN (G_MAXINT, G_MAXSIZE / MAX (sizeof(PangoGlyphInfo), sizeof(gint)));
++
++        guint more_space = (guint)string->space * 2;
++
++   if (more_space > max_space)
++       {
++          more_space = max_space;
++
++              if ((guint)new_len > max_space)
++               {
++                  g_error ("%s: failed to allocate glyph string of length %i\n",
++                        G_STRLOC, new_len);
++            }
++            }
++
++      string->space = more_space;
+ 	}
+     }
+   

Modified: desktop/etch/pango1.0/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/etch/pango1.0/debian/patches/series?rev=22663&op=diff
==============================================================================
--- desktop/etch/pango1.0/debian/patches/series [utf-8] (original)
+++ desktop/etch/pango1.0/debian/patches/series [utf-8] Mon Dec 21 20:18:44 2009
@@ -3,3 +3,4 @@
 12_module-files-append-compat-module-files-d.patch
 20_fix-fontconfig-fcmatch.patch
 21_malayalam-rendering.patch
+CVE-2009-1194.patch




More information about the pkg-gnome-commits mailing list