- ocaml-camlimages: PNG reader multiple integer overflows (CVE 2009-2295 /

RHBZ#509531).

ocaml-camlimages.spec

@@ -4,7 +4,7 @@
 
 Name:           ocaml-camlimages
 Version:        3.0.1
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        OCaml image processing library
 
 Group:          Development/Libraries
@@ -17,6 +17,9 @@ ExcludeArch:    sparc64 s390 s390x
 
 Patch0:         camlimages-3.0.1-display-module.patch
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4
+Patch1:         camlimages-oversized-png-check-CVE-2009-2295.patch
+
 BuildRequires:  ocaml >= 3.10.1
 BuildRequires:  ocaml-lablgtk-devel
 BuildRequires:  ocaml-x11
@@ -63,6 +66,7 @@ Includes documentation provided by ocamldoc
 # Gdk.Display submodule clashes with the Display module in
 # the examples/liv directory, so rename it:
 %patch0 -p1
+%patch1 -p1
 aclocal -I .
 automake
 autoconf
@@ -108,6 +112,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Jul  3 2009 Richard W.M. Jones <rjones@redhat.com> - 3.0.1-9
+- ocaml-camlimages: PNG reader multiple integer overflows
+  (CVE 2009-2295 / RHBZ#509531).
+
 * Sat May 23 2009 Richard W.M. Jones <rjones@redhat.com> - 3.0.1-8
 - Rebuild for OCaml 3.11.1