ports/121283: [PATCH]print/ghostscript-gpl: fix security hole in 8.61
bf
bf2006a at yahoo.com
Sun Mar 2 11:20:03 UTC 2008
>Number: 121283
>Category: ports
>Synopsis: [PATCH]print/ghostscript-gpl: fix security hole in 8.61
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 02 11:20:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: bf
>Release: 7.0-STABLE i386
>Organization:
-
>Environment:
>Description:
Fix CVE-2008-0411 (
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0411
http://scary.beasts.org/security/CESA-2008-001.html
), using a Red Hat patch from:
https://bugzilla.redhat.com/attachment.cgi?id=294020
and bump portrevision. The new version hasn't been in ports long, but
I guess a vuxml entry should be added, to be on the safe side.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN ghostscript-gpl.orig/Makefile.inc ghostscript-gpl/Makefile.inc
--- ghostscript-gpl.orig/Makefile.inc 2008-03-02 05:35:02.974196911 -0500
+++ ghostscript-gpl/Makefile.inc 2008-03-02 06:10:09.734862303 -0500
@@ -1,5 +1,5 @@
# $FreeBSD: ports/print/ghostscript-gpl/Makefile.inc,v 1.25 2008/03/01 11:07:51 rafan Exp $
GS_VERSION= 8.61
-GS_REVISION= 1
+GS_REVISION= 2
GS_EPOCH= 0
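Review bot: the GS_REVISION change from 1 to 2 is the only packaging change in this patch, and the vuxml entry the description says should be added is not included. If that entry is wanted, it has to be submitted separately or added to this PR, since nothing in the visible hunks covers it.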
diff -ruN ghostscript-gpl.orig/files/patch-src:zicc.c ghostscript-gpl/files/patch-src:zicc.c
--- ghostscript-gpl.orig/files/patch-src:zicc.c 1969-12-31 19:00:00.000000000 -0500
+++ ghostscript-gpl/files/patch-src:zicc.c 2008-03-02 02:36:37.076258881 -0500
@@ -0,0 +1,12 @@
+--- src/zicc.c
++++ src/zicc.c 2008-02-05 16:11:59.000000000 +0000
+@@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
+ dict_find_string(op, "N", &pnval);
+ ncomps = pnval->value.intval;
+
++ if (2*ncomps > sizeof(range_buff)/sizeof(float))
++ return_error(e_rangecheck);
++
+ /* verify the DataSource entry */
+ if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
+ return_error(e_undefined);
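Review bot: the added check `2*ncomps > sizeof(range_buff)/sizeof(float)` in zseticcspace gives only an upper bound and compares against a size_t, so a negative ncomps is rejected only through implicit conversion to unsigned, and `2*ncomps` can itself overflow if ncomps is a signed int (its declaration is not in this hunk). Writing the bound as an explicit range, for example `if (ncomps < 0 || ncomps > sizeof(range_buff)/sizeof(float)/2)`, states the intent and avoids the multiplication. Separately, in the context lines the result of `dict_find_string(op, "N", &pnval)` is dereferenced without the return-value test that the DataSource lookup just below has; if no earlier code outside this hunk guarantees that N is present and an integer, the same `<= 0` test belongs here before `pnval->value.intval` is read.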
>Release-Note:
>Audit-Trail:
>Unformatted: