From ac7547d79cbb08b0c94b7c60dface7d5c90eb0e3 Mon Sep 17 00:00:00 2001 From: aurelien Date: Fri, 30 May 2014 19:59:43 +0200 Subject: htmldoc --- pcr/htmldoc/cve-2009-3050.patch | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 pcr/htmldoc/cve-2009-3050.patch (limited to 'pcr/htmldoc/cve-2009-3050.patch') diff --git a/pcr/htmldoc/cve-2009-3050.patch b/pcr/htmldoc/cve-2009-3050.patch new file mode 100644 index 000000000..8d0fd173a --- /dev/null +++ b/pcr/htmldoc/cve-2009-3050.patch @@ -0,0 +1,41 @@ +Description: Fix for CVE-2009-3050 + This patch fixes a buffer overflow when setting custom page output size. +Author: Giuseppe Iuculano +Bug-Debian: http://bugs.debian.org/537637 +Bug-Gentoo: http://bugs.gentoo.org/show_bug.cgi?id=278186 +Bug: http://www.htmldoc.org/str.php?L214+P0+S0+C0+I0+E0+M1000+Qversion:1.8 +Last-Update: 2011-02-20 + +--- htmldoc-1.8.27.orig/htmldoc/util.cxx ++++ htmldoc-1.8.27/htmldoc/util.cxx +@@ -484,7 +484,7 @@ set_page_size(const char *size) /* I - P + PageWidth = 595; + PageLength = 792; + } +- else if (sscanf(size, "%fx%f%s", &width, &length, units) >= 2) ++ else if (sscanf(size, "%fx%f%254s", &width, &length, units) >= 2) + { + /* + * Custom size... +--- htmldoc-1.8.27.orig/htmldoc/ps-pdf.cxx ++++ htmldoc-1.8.27/htmldoc/ps-pdf.cxx +@@ -12512,7 +12512,7 @@ write_type1(FILE *out, /* I - Fil + * assigned charset... + */ + +- if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%s", &width, glyph) != 2) ++ if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%63s", &width, glyph) != 2) + continue; + + for (ch = 0; ch < 256; ch ++) +--- htmldoc-1.8.27.orig/htmldoc/htmllib.cxx ++++ htmldoc-1.8.27/htmldoc/htmllib.cxx +@@ -2139,7 +2139,7 @@ htmlLoadFontWidths(void) + * assigned charset... + */ + +- if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%s", &width, glyph) != 2) ++ if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%63s", &width, glyph) != 2) + continue; + + for (ch = 0; ch < 256; ch ++) -- cgit v1.2.3-54-g00ecf