r22663 - in /desktop/etch/pango1.0/debian: changelog patches/CVE-2009-1194.patch patches/series
joss at users.alioth.debian.org
Mon Dec 21 20:18:45 UTC 2009
Author: joss
Date: Mon Dec 21 20:18:44 2009
New Revision: 22663
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=22663
Log:
* Non-maintainer upload by the security team
* Fix integer overflow via long glyphstrings (Closes: #527474)
Fixes: CVE-2009-1194
Added:
desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch
Modified:
desktop/etch/pango1.0/debian/changelog
desktop/etch/pango1.0/debian/patches/series
Modified: desktop/etch/pango1.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/etch/pango1.0/debian/changelog?rev=22663&op=diff
==============================================================================
--- desktop/etch/pango1.0/debian/changelog [utf-8] (original)
+++ desktop/etch/pango1.0/debian/changelog [utf-8] Mon Dec 21 20:18:44 2009
@@ -1,3 +1,11 @@
+pango1.0 (1.14.8-5+etch1) oldstable-security; urgency=high
+
+ * Non-maintainer upload by the security team
+ * Fix integer overflow via long glyphstrings (Closes: #527474)
+ Fixes: CVE-2009-1194
+
+ -- Steffen Joeris <white at debian.org> Sat, 09 May 2009 10:51:06 +0200
+
pango1.0 (1.14.8-5) unstable; urgency=low
* Use /usr/lib/$(DEB_HOST_GNU_TYPE) instead of /usr/$(DEB_HOST_GNU_TYPE)/lib
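Review bot: the new 1.14.8-5+etch1 entry does not name the patch file that carries the fix. Adding "debian/patches/CVE-2009-1194.patch" to the "Fix integer overflow via long glyphstrings" bullet would let someone auditing the package map the CVE to the file in the series without opening the commit.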
Added: desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch?rev=22663&op=file
==============================================================================
--- desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch (added)
+++ desktop/etch/pango1.0/debian/patches/CVE-2009-1194.patch [utf-8] Mon Dec 21 20:18:44 2009
@@ -1,0 +1,37 @@
+--- ../old/pango1.0-1.14.8/pango/glyphstring.c 2006-07-09 00:15:32.000000000 +0200
++++ pango1.0-1.14.8/pango/glyphstring.c 2009-05-09 10:50:05.000000000 +0200
+@@ -61,14 +61,28 @@
+ while (new_len > string->space)
+ {
+ if (string->space == 0)
+- string->space = 1;
++ {
++ string->space = 4;
++ }
+ else
+- string->space *= 2;
+-
+- if (string->space < 0)
+ {
+- g_warning ("glyph string length overflows maximum integer size, truncated");
+- new_len = string->space = G_MAXINT - 8;
++ const guint max_space =
++ MIN (G_MAXINT, G_MAXSIZE / MAX (sizeof(PangoGlyphInfo), sizeof(gint)));
++
++ guint more_space = (guint)string->space * 2;
++
++ if (more_space > max_space)
++ {
++ more_space = max_space;
++
++ if ((guint)new_len > max_space)
++ {
++ g_error ("%s: failed to allocate glyph string of length %i\n",
++ G_STRLOC, new_len);
++ }
++ }
++
++ string->space = more_space;
+ }
+ }
+
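Review bot: the g_error() call under "if ((guint)new_len > max_space)" terminates the process, whereas the removed branch logged a g_warning and truncated the length, so an over-long glyph string now ends in an abort of the calling application. If that is the intended failure mode, state it in a comment at that check and in the changelog entry. Two smaller points: max_space is a constant expression that is recomputed on every pass through the while loop and could be declared once above it, and the trailing "\n" in the g_error format string is unnecessary because GLib appends a newline to log messages. The change of the initial string->space from 1 to 4 is not explained anywhere in the patch and deserves a line in its description.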
Modified: desktop/etch/pango1.0/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/etch/pango1.0/debian/patches/series?rev=22663&op=diff
==============================================================================
--- desktop/etch/pango1.0/debian/patches/series [utf-8] (original)
+++ desktop/etch/pango1.0/debian/patches/series [utf-8] Mon Dec 21 20:18:44 2009
@@ -3,3 +3,4 @@
12_module-files-append-compat-module-files-d.patch
20_fix-fontconfig-fcmatch.patch
21_malayalam-rendering.patch
+CVE-2009-1194.patch
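Review bot: the added series entry "CVE-2009-1194.patch" has no numeric prefix, unlike the neighbouring "20_fix-fontconfig-fcmatch.patch" and "21_malayalam-rendering.patch". Consider a name such as "22_CVE-2009-1194.patch" so the file name reflects its position in the series and sorts in application order in the patches directory.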