Hello community,

here is the log from the commit of package htmldoc for openSUSE:Factory checked in at 2024-09-04 13:22:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/htmldoc (Old)
 and /work/SRC/openSUSE:Factory/.htmldoc.new.10096 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "htmldoc" Wed Sep 4 13:22:10 2024 rev:35 rq:1198406 version:1.9.18 Changes: -------- --- /work/SRC/openSUSE:Factory/htmldoc/htmldoc.changes 2024-02-16 21:41:30.719873892 +0100 +++ /work/SRC/openSUSE:Factory/.htmldoc.new.10096/htmldoc.changes 2024-09-04 13:22:18.339945949 +0200 @@ -1,0 +2,8 @@ +Mon Sep 2 12:48:22 UTC 2024 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. + + htmldoc-CVE-2024-45508.patch + +------------------------------------------------------------------- New: ---- htmldoc-CVE-2024-45508.patch BETA DEBUG BEGIN: New: fix CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. + htmldoc-CVE-2024-45508.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ htmldoc.spec ++++++ --- /var/tmp/diff_new_pack.EYpsTa/_old 2024-09-04 13:22:19.127978924 +0200 +++ /var/tmp/diff_new_pack.EYpsTa/_new 2024-09-04 13:22:19.127978924 +0200 
@@ -24,6 +24,8 @@ Group: Productivity/Publishing/HTML/Tools URL: https://michaelrsweet.github.io/htmldoc/index.html Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz +# CVE-2024-45508 [bsc#1230022], HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. +Patch0: htmldoc-CVE-2024-45508.patch BuildRequires: cups-devel BuildRequires: fltk-devel BuildRequires: gcc-c++ ++++++ htmldoc-CVE-2024-45508.patch ++++++ Index: htmldoc-1.9.18/htmldoc/ps-pdf.cxx =================================================================== --- htmldoc-1.9.18.orig/htmldoc/ps-pdf.cxx +++ htmldoc-1.9.18/htmldoc/ps-pdf.cxx @@ -5234,7 +5234,7 @@ parse_paragraph(tree_t *t, /* I - Tree t if (temp->markup != MARKUP_A) break; - if (temp != NULL && temp->markup == MARKUP_NONE && temp->data[0] == ' ') + if (temp != NULL && temp->markup == MARKUP_NONE && temp->data[0] == ' ' && temp->data[1]) { // Drop leading space... for (dataptr = temp->data; *dataptr; dataptr ++)
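
Review bot: In the htmldoc.spec hunk, `Patch0: htmldoc-CVE-2024-45508.patch` is declared but the diff shows no change to `%prep`, so nothing visible here confirms the patch is applied. Please check that `%prep` uses `%autosetup -p1` or has an explicit `%patch` line for it, otherwise the package builds unpatched. The patch paths (`htmldoc-1.9.18/htmldoc/ps-pdf.cxx`) need strip level 1. The comment above the tag could also be cut down to the CVE and bsc references, since the full description is already in htmldoc.changes.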
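
Review bot: In the parse_paragraph hunk of ps-pdf.cxx, the new `&& temp->data[1]` term has no comment explaining why a node that is only one space is now skipped, and the existing `// Drop leading space...` comment no longer describes the full condition. Suggest extending that comment to say a single-space node is left alone, with a reference to CVE-2024-45508. The read of `temp->data[1]` itself is in bounds, because `temp->data[0] == ' '` is evaluated first and index 1 is then at worst the string terminator. The guard tests only the second byte, so a node of two or more spaces still enters the loop; whether that is safe depends on code below the visible lines and is worth confirming against the "whitespace-only node" wording in the changelog.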