FreeBSD Bugzilla – Attachment 100976 Details for Bug 140335: [patch] graphics/php5-gd: fix CVE-2009-3546
[patch] cve-2009-3546-fix.diff (text/plain), 4.71 KB, created by Eygene Ryabinkin on 2009-11-06 15:40:01 UTC
>From 0697562e60bf3a45813403b8de08f0dfa6f80e33 Mon Sep 17 00:00:00 2001 >From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> >Date: Fri, 6 Nov 2009 18:18:15 +0300 > >Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> >--- > graphics/gd/Makefile | 2 +- > graphics/gd/files/patch-cve-2009-3546 | 15 +++++++++++++++ > graphics/php4-gd/Makefile | 2 ++ > graphics/php4-gd/files/patch-cve-2009-3546 | 14 ++++++++++++++ > graphics/php5-gd/Makefile | 2 ++ > graphics/php5-gd/files/patch-cve-2009-3546 | 14 ++++++++++++++ > security/vuxml/vuln.xml | 7 ++++--- > 7 files changed, 52 insertions(+), 4 deletions(-) > create mode 100644 graphics/gd/files/patch-cve-2009-3546 > create mode 100644 graphics/php4-gd/files/patch-cve-2009-3546 > create mode 100644 graphics/php5-gd/files/patch-cve-2009-3546 > >diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile >index e344354..1341296 100644 >--- a/graphics/gd/Makefile >+++ b/graphics/gd/Makefile >@@ -7,7 +7,7 @@ > > PORTNAME= gd > PORTVERSION= 2.0.35 >-PORTREVISION?= 1 >+PORTREVISION?= 2 > PORTEPOCH= 1 > CATEGORIES+= graphics > MASTER_SITES= http://www.libgd.org/releases/ >diff --git a/graphics/gd/files/patch-cve-2009-3546 b/graphics/gd/files/patch-cve-2009-3546 >new file mode 100644 >index 0000000..f483039 >--- /dev/null >+++ b/graphics/gd/files/patch-cve-2009-3546 >@@ -0,0 +1,15 @@ >+Adopted-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch >+ >+--- gd_gd.c.orig 2006-04-05 19:52:22.000000000 +0400 >++++ gd_gd.c 2009-11-06 18:06:50.000000000 +0300 >+@@ -44,6 +44,10 @@ >+ { >+ goto fail1; >+ } >++ if (im->colorsTotal > gdMaxColors) >++ { >++ goto fail1; >++ } >+ } >+ /* Int to accommodate truecolor single-color transparency */ >+ if (!gdGetInt (&im->transparent, in)) >diff --git a/graphics/php4-gd/Makefile b/graphics/php4-gd/Makefile >index 6702512..025f833 100644 >--- a/graphics/php4-gd/Makefile >+++ b/graphics/php4-gd/Makefile 
>@@ -11,4 +11,6 @@ MASTERDIR= ${.CURDIR}/../../lang/php4 > > PKGNAMESUFFIX= -gd > >+PORTREVISION= 1 >+ > .include "${MASTERDIR}/Makefile" >diff --git a/graphics/php4-gd/files/patch-cve-2009-3546 b/graphics/php4-gd/files/patch-cve-2009-3546 >new file mode 100644 >index 0000000..6a2d2c7 >--- /dev/null >+++ b/graphics/php4-gd/files/patch-cve-2009-3546 >@@ -0,0 +1,14 @@ >+Obtained-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch >+ >+--- libgd/gd_gd.c 2009/10/12 09:44:18 289556 >++++ libgd/gd_gd.c 2009/10/12 10:01:37 289557 >+@@ -39,6 +39,9 @@ >+ if (!gdGetWord(&im->colorsTotal, in)) { >+ goto fail1; >+ } >++ if (im->colorsTotal > gdMaxColors) { >++ goto fail1; >++ } >+ } >+ /* Int to accommodate truecolor single-color transparency */ >+ if (!gdGetInt(&im->transparent, in)) { >diff --git a/graphics/php5-gd/Makefile b/graphics/php5-gd/Makefile >index 1a0d0b5..6333f40 100644 >--- a/graphics/php5-gd/Makefile >+++ b/graphics/php5-gd/Makefile >@@ -11,4 +11,6 @@ MASTERDIR= ${.CURDIR}/../../lang/php5 > > PKGNAMESUFFIX= -gd > >+PORTREVISION= 2 >+ > .include "${MASTERDIR}/Makefile" >diff --git a/graphics/php5-gd/files/patch-cve-2009-3546 b/graphics/php5-gd/files/patch-cve-2009-3546 >new file mode 100644 >index 0000000..6a2d2c7 >--- /dev/null >+++ b/graphics/php5-gd/files/patch-cve-2009-3546 >@@ -0,0 +1,14 @@ >+Obtained-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch >+ >+--- libgd/gd_gd.c 2009/10/12 09:44:18 289556 >++++ libgd/gd_gd.c 2009/10/12 10:01:37 289557 >+@@ -39,6 +39,9 @@ >+ if (!gdGetWord(&im->colorsTotal, in)) { >+ goto fail1; >+ } >++ if (im->colorsTotal > gdMaxColors) { >++ goto fail1; >++ } >+ } >+ /* Int to accommodate truecolor single-color transparency */ >+ if (!gdGetInt(&im->transparent, in)) { >diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml >index 3b2eace..6440a90 100644 
>--- a/security/vuxml/vuln.xml >+++ b/security/vuxml/vuln.xml >@@ -40,15 +40,15 @@ Note: Please add new entries to the beginning of this file. > <affects> > <package> > <name>gd</name> >- <range><gt>0</gt></range> >+ <range><lt>2.0.35_2,1</lt></range> > </package> > <package> > <name>php5-gd</name> >- <range><gt>0</gt></range> >+ <range><lt>5.2.11_2</lt></range> > </package> > <package> > <name>php4-gd</name> >- <range><gt>0</gt></range> >+ <range><lt>4.4.9_1</lt></range> > </package> > </affects> > <description> >@@ -73,6 +73,7 @@ Note: Please add new entries to the beginning of this file. > <dates> > <discovery>2009-10-15</discovery> > <entry>2009-11-05</entry> >+ <modified>2009-11-06</modified> > </dates> > </vuln> > >-- >1.6.5.1
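Review bot: In graphics/gd/files/patch-cve-2009-3546 the new `im->colorsTotal > gdMaxColors` test sits inside a block that closes on the line right after it, so the bound is enforced only on the path that enters that block. The enclosing condition is outside the context shown; please confirm that colorsTotal cannot be consumed without this check on the other path, or move the test below the closing brace. The file also carries no line saying what the check guards against, and its header tag is `Adopted-From:` while the php4-gd and php5-gd copies use `Obtained-From:`; one tag across all three would be easier to grep.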
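Review bot: graphics/php4-gd/files/patch-cve-2009-3546 is the same blob as the php5-gd copy (both show index 0000000..6a2d2c7), and its `@@ -39,6 +39,9 @@` offsets and `Obtained-From:` URL come from the PHP_5_2 branch, so nothing here shows it was checked against the PHP 4 sources. Please confirm that it applies to the php4 `libgd/gd_gd.c` without fuzz or offset, and that the `libgd/gd_gd.c` path resolves from the directory in which the port applies its patches.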
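Review bot: In the graphics/php4-gd/Makefile and graphics/php5-gd/Makefile hunks, `PORTREVISION= 1` and `PORTREVISION= 2` are assigned before `.include "${MASTERDIR}/Makefile"`, so the value survives only if the master Makefile does not assign PORTREVISION unconditionally afterwards. graphics/gd uses `PORTREVISION?=` in this same patch, which is the form that allows such an override; please verify that the built package names really come out as 4.4.9_1 and 5.2.11_2, because the vuln.xml ranges below depend on those exact strings.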
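Review bot: The first security/vuxml/vuln.xml hunk swaps `<gt>0</gt>` for `<lt>` bounds (2.0.35_2,1, 5.2.11_2, 4.4.9_1) that hard-code the results of the PORTREVISION bumps made elsewhere in this patch. If any of the three ports is committed with a different revision, the entry will either flag fixed packages or miss vulnerable ones, so the ranges should be rechecked against the final Makefiles at commit time. The mail also has no subject or body beyond the Signed-off-by line; a short description saying that the ranges are narrowed because fixed revisions now exist would document why `<modified>` is being added.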