Accepting request 828515 from multimedia:libs

OBS-URL: https://build.opensuse.org/request/show/828515 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libEMF?expand=0&rev=26
2020-09-01 18:01:43 +00:00 · 2020-09-01 18:01:43 +00:00 · 51f389527e
commit 51f389527e
parent 7aff3a2266 6696fb3963
4 changed files with 16 additions and 5 deletions
--- a/libEMF.changes
+++ b/libEMF.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Aug 17 09:51:29 UTC 2020 - Dirk Mueller <dmueller@suse.com>
+
+- update to 1.0.13:
+  * CVE-2020-13999 (bsc#1173070)
+
+  libEMF (aka ECMA-234 Metafile Library) through 1.0.12 is vulnerable to
+  Integer overflow condition in libemf.cpp:ScaleviewportExtEx function
+  leading to Denial of Service
+  VulnerabilityType : Integer Overflow
+
 -------------------------------------------------------------------
 Wed May 27 23:58:38 UTC 2020 - Jason Sikes <jsikes@suse.com>

--- a/libEMF.spec
+++ b/libEMF.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libEMF
 #
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@


 Name:           libEMF
-Version:        1.0.12
+Version:        1.0.13
 Release:        0
 Summary:        Library for Manipulation with Enhanced MetaFile (EMF, ECMA-234)
 License:        LGPL-2.1-or-later AND GPL-2.0-or-later
--- a/libemf-1.0.12.tar.gz
+++ b/libemf-1.0.12.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:22e6f70986dc1ff8b85aa94f8ee45dd259034ad6476e42156ccf237e25c4d506
-size 1314880
--- a/libemf-1.0.13.tar.gz
+++ b/libemf-1.0.13.tar.gz