← Back to branch summary

~ubuntu-branches/ubuntu/precise/gimp/precise-security

~ubuntu-branches/ubuntu/precise/gimp/precise-security

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2013-1913.patch

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2013-12-06 13:32:56 UTC
Revision ID: package-import@ubuntu.com-20131206133256-8xqk4mo8qxr2zq6m

Tags: 2.6.12-1ubuntu1.3

* SECURITY UPDATE: denial of service and possible code execution via
  huge color maps in xwd plugin
  - debian/patches/CVE-2013-1913.patch: limit number of color map entries
    in plug-ins/common/file-xwd.c.
  - CVE-2013-1913
* SECURITY UPDATE: denial of service and possible code execution via
  large number of color map entries in xwd plugin
  - debian/patches/CVE-2013-1978.patch: validate number of color map
    entries in plug-ins/common/file-xwd.c
  - CVE-2013-1978

files added:
.pc/CVE-2013-1913.patch

.pc/CVE-2013-1913.patch/plug-ins

.pc/CVE-2013-1913.patch/plug-ins/common

.pc/CVE-2013-1913.patch/plug-ins/common/file-xwd.c

.pc/CVE-2013-1978.patch

.pc/CVE-2013-1978.patch/plug-ins

.pc/CVE-2013-1978.patch/plug-ins/common

.pc/CVE-2013-1978.patch/plug-ins/common/file-xwd.c

debian/patches/CVE-2013-1913.patch

debian/patches/CVE-2013-1978.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

plug-ins/common/file-xwd.c

Show diffs side-by-side

added added

removed removed

debian/patches/CVE-2013-1913.patch

1

From 32ae0f83e5748299641cceaabe3f80f1b3afd03e Mon Sep 17 00:00:00 2001

2

From: Nils Philippsen <nils@redhat.com>

3

Date: Thu, 14 Nov 2013 13:29:01 +0000

4

Subject: file-xwd: sanity check colormap size (CVE-2013-1913)

5

6

---

7

Index: gimp-2.8.6/plug-ins/common/file-xwd.c

8

===================================================================

9

--- gimp-2.8.6.orig/plug-ins/common/file-xwd.c 2013-12-06 13:16:41.718812351 -0500

10

+++ gimp-2.8.6/plug-ins/common/file-xwd.c 2013-12-06 13:16:41.714812331 -0500

11

@@ -459,6 +459,17 @@

12

/* Position to start of XWDColor structures */

13

fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET);

14

15

+ /* Guard against insanely huge color maps -- gimp_image_set_colormap() only

16

+ * accepts colormaps with 0..256 colors anyway. */

17

+ if (xwdhdr.l_colormap_entries > 256)

18

+ {

19

+ g_message (_("'%s':\nIllegal number of colormap entries: %ld"),

20

+ gimp_filename_to_utf8 (filename),

21

+ (long)xwdhdr.l_colormap_entries);

22

+ fclose (ifp);

23

+ return -1;

24

+ }

25

+

26

if (xwdhdr.l_colormap_entries > 0)

27

{

28

xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries);

Older »