Subject: CVS commit: pkgsrc/graphics/libwmf
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 08/20/2006 21:38:45
Module Name:	pkgsrc
Committed By:	salo
Date:		Sun Aug 20 21:38:45 UTC 2006

Modified Files:
	pkgsrc/graphics/libwmf: Makefile distinfo
Added Files:
	pkgsrc/graphics/libwmf/patches: patch-ae

Log Message:
Security fix for CVE-2006-3376:

"A vulnerability in libwmf can be potentially exploited by malicious
 people to compromise an application using the vulnerable library.

 The vulnerability is caused due to an integer overflow error when
 allocating memory based on a value taken directly from a WMF file
 without performing any checks. This can be exploited to cause a
 heap-based buffer overflow when a specially crafted WMF file is
 processed.

 Successful exploitation may allow execution of arbitrary code."

http://secunia.com/advisories/20921/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376

Patch from Red Hat.  Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -r1.59 -r1.60 pkgsrc/graphics/libwmf/Makefile
cvs rdiff -r1.13 -r1.14 pkgsrc/graphics/libwmf/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/graphics/libwmf/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
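
Added example, not part of this commit or of libwmf's source: the bug class the
advisory describes (an allocation size computed from an untrusted file field
wrapping around before the allocation), shown in C beside a checked version.
The function names, the 32-bit count field and the byte cap are assumptions
made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical layout: a 32-bit element count read from an untrusted file
 * header, each element elem_size bytes. These are not libwmf's structures. */

/* Unchecked: the 32-bit product wraps modulo 2^32, so a huge count can
 * produce a tiny allocation size that later writes run past. */
uint32_t unchecked_size(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Checked: returns 0 and stores the size, or -1 if the product would
 * overflow or exceed the caller's sanity cap (max_bytes). */
int checked_size(uint32_t count, uint32_t elem_size,
                 uint32_t max_bytes, uint32_t *out)
{
    if (count == 0 || elem_size == 0)
        return -1;
    if (count > UINT32_MAX / elem_size)   /* product would wrap */
        return -1;
    if (count * elem_size > max_bytes)    /* safe: no wrap past this point */
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Allocate room for count elements, refusing hostile header values. */
void *alloc_records(uint32_t count, uint32_t elem_size, uint32_t max_bytes)
{
    uint32_t n;
    if (checked_size(count, elem_size, max_bytes, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    uint32_t count = 0x80000001u;  /* constructed hostile header value */
    printf("unchecked size: %u bytes\n", unchecked_size(count, 2));
    void *p = alloc_records(count, 2, 1u << 20);
    printf("checked alloc:  %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```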