- Applied patch to fix CVE-2008-0411 (bug #435147).

ghostscript-CVE-2008-0411.patch

@@ -0,0 +1,13 @@
+diff -up ghostscript-8.61/src/zicc.c.CVE-2008-0411 ghostscript-8.61/src/zicc.c
+--- ghostscript-8.61/src/zicc.c.CVE-2008-0411	2007-09-25 14:31:24.000000000 +0100
++++ ghostscript-8.61/src/zicc.c	2008-02-27 17:07:30.000000000 +0000
+@@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
+     dict_find_string(op, "N", &pnval);
+     ncomps = pnval->value.intval;
+ 
++    if (2*ncomps > sizeof(range_buff)/sizeof(float))
++	return_error(e_rangecheck);
++
+     /* verify the DataSource entry */
+     if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
+         return_error(e_undefined);

ghostscript.spec

@@ -5,7 +5,7 @@ Summary: A PostScript(TM) interpreter and renderer.
 Name: ghostscript
 Version: %{gs_ver}
 
-Release: 9%{?dist}
+Release: 10%{?dist}
 
 License: GPLv2
 URL: http://www.ghostscript.com/
@@ -22,6 +22,7 @@ Patch5: http://www.openprinting.org/download/printing/esp-gpl-ghostscript-merge/
 Patch6: ghostscript-runlibfileifexists.patch
 Patch7: ghostscript-gsbug689577.patch
 Patch8: ghostscript-system-jasper.patch
+Patch9: ghostscript-CVE-2008-0411.patch
 
 Requires: urw-fonts >= 1.1, ghostscript-fonts
 BuildRequires: libjpeg-devel, libXt-devel
@@ -100,6 +101,8 @@ rm -rf libpng zlib jpeg jasper
 
 %patch8 -p1 -b .system-jasper
 
+%patch9 -p1 -b .CVE-2008-0411
+
 # Convert manual pages to UTF-8
 from8859_1() {
 	iconv -f iso-8859-1 -t utf-8 < "$1" > "${1}_"
@@ -270,6 +273,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so
 
 %changelog
+* Wed Feb 27 2008 Tim Waugh <twaugh@redhat.com> 8.61-10
+- Applied patch to fix CVE-2008-0411 (bug #435147).
+
 * Fri Feb 22 2008 Tim Waugh <twaugh@redhat.com> 8.61-9
 - Build with jasper again (bug #433897).  Build requires jasper-devel, and
   a patch to remove jas_set_error_cb reference.