← Back to branch summary

~ubuntu-branches/ubuntu/natty/gimp/natty-updates

~ubuntu-branches/ubuntu/natty/gimp/natty-updates

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2012-3236.patch

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2012-09-05 15:45:26 UTC
Revision ID: package-import@ubuntu.com-20120905154526-iradr3s94bdwrpel

Tags: 2.6.11-1ubuntu6.3

* SECURITY UPDATE: denial of service via malformed .fit file header
  - debian/patches/CVE-2012-3236.patch: check for valid XTENSION header
    in plug-ins/file-fits/fits-io.c.
  - CVE-2012-3236
* SECURITY UPDATE: denial of service and possible code execution via
  crafted KiSS palette file
  - debian/patches/CVE-2012-3403.patch: validate return codes and header
    data in plug-ins/common/file-cel.c.
  - CVE-2012-3403
* SECURITY UPDATE: denial of service and possible code execution via
  crafted GIF image file
  - debian/patches/CVE-2012-3481.patch: validate sizes, and prevent
    overflows in plug-ins/common/file-gif-load.c.
  - CVE-2012-3481

files added:
.pc/.quilt_patches

.pc/.quilt_series

.pc/CVE-2012-3236.patch

.pc/CVE-2012-3236.patch/plug-ins

.pc/CVE-2012-3236.patch/plug-ins/file-fits

.pc/CVE-2012-3236.patch/plug-ins/file-fits/fits-io.c

.pc/CVE-2012-3403.patch

.pc/CVE-2012-3403.patch/plug-ins

.pc/CVE-2012-3403.patch/plug-ins/common

.pc/CVE-2012-3403.patch/plug-ins/common/file-cel.c

.pc/CVE-2012-3481.patch

.pc/CVE-2012-3481.patch/plug-ins

.pc/CVE-2012-3481.patch/plug-ins/common

.pc/CVE-2012-3481.patch/plug-ins/common/file-gif-load.c

debian/patches/CVE-2012-3236.patch

debian/patches/CVE-2012-3403.patch

debian/patches/CVE-2012-3481.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

plug-ins/common/file-cel.c

plug-ins/common/file-gif-load.c

plug-ins/file-fits/fits-io.c

Show diffs side-by-side

added added

removed removed

debian/patches/CVE-2012-3236.patch

1

Description: fix denial of service via malformed .fit file header

2

Origin: upstream, http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c

3

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=676804

4

5

Index: gimp-2.6.12/plug-ins/file-fits/fits-io.c

6

===================================================================

7

--- gimp-2.6.12.orig/plug-ins/file-fits/fits-io.c 2012-01-31 08:50:15.000000000 -0500

8

+++ gimp-2.6.12/plug-ins/file-fits/fits-io.c 2012-09-05 13:38:00.650225303 -0400

9

@@ -1055,10 +1055,18 @@

10

hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0);

11

hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);

12

if (hdulist->used.xtension)

13

- {

14

- fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);

15

- strcpy (hdulist->xtension, fdat->fstring);

16

- }

17

+ {

18

+ fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);

19

+ if (fdat != NULL)

20

+ {

21

+ strcpy (hdulist->xtension, fdat->fstring);

22

+ }

23

+ else

24

+ {

25

+ strcpy (errmsg, "No valid XTENSION header found.");

26

+ goto err_return;

27

+ }

28

+ }

29

30

FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);

31

hdulist->naxis = fdat->flong;

Older »