Subject: CVS commit: [pkgsrc-2006Q2] pkgsrc/graphics/libwmf
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 08/21/2006 07:03:37
Module Name:	pkgsrc
Committed By:	ghen
Date:		Mon Aug 21 07:03:37 UTC 2006

Modified Files:
	pkgsrc/graphics/libwmf [pkgsrc-2006Q2]: Makefile distinfo
Added Files:
	pkgsrc/graphics/libwmf/patches [pkgsrc-2006Q2]: patch-ae

Log Message:
Pullup ticket 1799 - requested by salo
security fix for libwmf

Revisions pulled up:
- pkgsrc/graphics/libwmf/Makefile			1.60
- pkgsrc/graphics/libwmf/distinfo			1.14
- pkgsrc/graphics/libwmf/patches/patch-ae		1.1

   Module Name:	pkgsrc
   Committed By:	salo
   Date:		Sun Aug 20 21:38:45 UTC 2006

   Modified Files:
	pkgsrc/graphics/libwmf: Makefile distinfo
   Added Files:
	pkgsrc/graphics/libwmf/patches: patch-ae

   Log Message:
   Security fix for CVE-2006-3376:

   "A vulnerability in libwmf can be potentially exploited by malicious
    people to compromise an application using the vulnerable library.

    The vulnerability is caused due to an integer overflow error when
    allocating memory based on a value taken directly from a WMF file
    without performing any checks. This can be exploited to cause a
    heap-based buffer overflow when a specially crafted WMF file is
    processed.

    Successful exploitation may allow execution of arbitrary code."

   http://secunia.com/advisories/20921/
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376

   Patch from Red Hat.  Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -r1.59 -r1.59.2.1 pkgsrc/graphics/libwmf/Makefile
cvs rdiff -r1.13 -r1.13.4.1 pkgsrc/graphics/libwmf/distinfo
cvs rdiff -r0 -r1.1.2.1 pkgsrc/graphics/libwmf/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
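
The advisory quoted in the log message describes an allocation size computed from a file-supplied value that overflows. The following is an added illustration of that bug class and the usual check; it is not libwmf's code and not the Red Hat patch. The header bytes, the field offset, the "count of 16-bit words" interpretation and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed 18-byte sample headers (not from a real file). Bytes 12..15
 * hold a little-endian 32-bit count of 16-bit words (assumed field). */
static const unsigned char hdr_ok[18]  = {1,0,9,0,0,3,0,0,0,0,0,0, 0x10,0x00,0x00,0x00, 0,0};
static const unsigned char hdr_bad[18] = {1,0,9,0,0,3,0,0,0,0,0,0, 0x02,0x00,0x00,0x80, 0,0};

static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked pattern: the byte count is computed in 32 bits, so a large
 * count wraps and the buffer ends up far smaller than the data copied in. */
uint32_t unchecked_size(const unsigned char *hdr)
{
    return read_le32(hdr + 12) * 2u;   /* wraps modulo 2^32 */
}

/* Checked pattern: reject counts whose byte size would overflow or exceed
 * the input actually available, before any allocation happens. */
void *checked_alloc(const unsigned char *hdr, size_t file_len, size_t *out_len)
{
    uint32_t words = read_le32(hdr + 12);

    *out_len = 0;
    if (words == 0 || words > UINT32_MAX / 2u)
        return NULL;                   /* multiplication would overflow */
    if ((size_t)words * 2u > file_len)
        return NULL;                   /* a record cannot exceed the file */
    *out_len = (size_t)words * 2u;
    return malloc(*out_len);
}

int main(void)
{
    size_t n;
    void *p = checked_alloc(hdr_bad, 4096, &n);
    printf("unchecked size: %u bytes, checked alloc: %s\n",
           (unsigned)unchecked_size(hdr_bad), p ? "accepted" : "rejected");
    free(p);
    return 0;
}
```

With the constructed oversized count 0x80000002, the unchecked computation yields a 4-byte request, while the checked version refuses the header.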