diff options
author | Mark H Weaver <mhw@netris.org> | 2015-10-08 10:43:40 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-10-08 10:46:30 -0400 |
commit | f956d661add890acb41592482a8a0c3fd90afd76 (patch) | |
tree | 796d7838d9fd3b8dac7020988bb963e0c325f7a9 /gnu/packages/patches/libwmf-CVE-2007-0455.patch | |
parent | 48e4a9f32f93c404b6fb4472164d8e00d12b2937 (diff) | |
download | guix-f956d661add890acb41592482a8a0c3fd90afd76.tar.gz |
gnu: libwmf: Add fixes for several security flaws.
* gnu/packages/patches/libwmf-CAN-2004-0941.patch, gnu/packages/patches/libwmf-CVE-2007-0455.patch, gnu/packages/patches/libwmf-CVE-2007-2756.patch, gnu/packages/patches/libwmf-CVE-2007-3472.patch, gnu/packages/patches/libwmf-CVE-2007-3473.patch, gnu/packages/patches/libwmf-CVE-2007-3477.patch, gnu/packages/patches/libwmf-CVE-2009-3546.patch: New files. * gnu/packages/patches/libwmf-CVE-2015-0848+4588+4695+4696.patch: Delete file. Replace with ... * gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch, gnu/packages/patches/libwmf-CVE-2015-4695.patch, gnu/packages/patches/libwmf-CVE-2015-4696.patch: ... these new files. * gnu-system.am (dist_patch_DATA): Adjust accordingly. * gnu/packages/image.scm (libwmf)[source]: Adjust set of patches.
Diffstat (limited to 'gnu/packages/patches/libwmf-CVE-2007-0455.patch')
-rw-r--r-- | gnu/packages/patches/libwmf-CVE-2007-0455.patch | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/gnu/packages/patches/libwmf-CVE-2007-0455.patch b/gnu/packages/patches/libwmf-CVE-2007-0455.patch new file mode 100644 index 0000000000..ceefc75bf2 --- /dev/null +++ b/gnu/packages/patches/libwmf-CVE-2007-0455.patch @@ -0,0 +1,15 @@ +Copied from Fedora. + +http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-0455.patch + +--- libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:18:26.000000000 +0000 ++++ libwmf-0.2.8.4/src/extra/gd/gdft.c 2010-12-06 11:21:09.000000000 +0000 +@@ -811,7 +811,7 @@ + { + ch = c & 0xFF; /* don't extend sign */ + } +- next++; ++ if (*next) next++; + } + else + { |