SOURCES: libid3tag-dos.patch (NEW) - fix for CVE-2008-2109
megabajt
megabajt at pld-linux.org
Fri May 16 18:48:45 CEST 2008
Author: megabajt Date: Fri May 16 16:48:45 2008 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- fix for CVE-2008-2109
---- Files affected:
SOURCES:
libid3tag-dos.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/libid3tag-dos.patch
diff -u /dev/null SOURCES/libid3tag-dos.patch:1.1
--- /dev/null Fri May 16 18:48:45 2008
+++ SOURCES/libid3tag-dos.patch Fri May 16 18:48:40 2008
@@ -0,0 +1,12 @@
+diff -urN libid3tag-0.15.1b/field.c libid3tag-0.15.1b.new/field.c
+--- libid3tag-0.15.1b/field.c 2004-01-23 10:41:32.000000000 +0100
++++ libid3tag-0.15.1b.new/field.c 2008-05-16 18:44:38.000000000 +0200
+@@ -291,7 +291,7 @@
+
+ end = *ptr + length;
+
+- while (end - *ptr > 0) {
++ while (end - *ptr > 0 && **ptr != '\0') {
+ ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ if (ucs4 == 0)
+ goto fail;
================================================================
More information about the pld-cvs-commit
mailing list