public inbox for git-commits@fedoraproject.org
From: Benjamin Gilbert <bgilbert@backtick.net>
To: git-commits@fedoraproject.org
Subject: [rpms/openslide] epel8: Fix CVE-2026-48977
Date: Mon, 08 Jun 2026 08:25:51 GMT
Message-ID: <178090715180.1.16783163154384576406.rpms-openslide-b80c4a7a9687@fedoraproject.org>
A new commit has been pushed.
Repo : rpms/openslide
Branch : epel8
Commit : b80c4a7a9687d5c90dff5ec5dffdce2d625f3fd9
Author : Benjamin Gilbert <bgilbert@backtick.net>
Date : 2026-06-08T03:03:12-05:00
Stats : +22/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openslide/c/b80c4a7a9687d5c90dff5ec5dffdce2d625f3fd9?branch=epel8
Log:
Fix CVE-2026-48977
---
diff --git a/openslide.spec b/openslide.spec
index 79ed374..313bcfa 100644
--- a/openslide.spec
+++ b/openslide.spec
@@ -1,6 +1,6 @@
Name: openslide
Version: 3.4.1
-Release: 19%{?dist}
+Release: 20%{?dist}
Summary: C library for reading virtual slides
License: LGPLv2
@@ -8,6 +8,8 @@ URL: http://openslide.org/
Source0: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
# Based on upstream a3153fa9fb8e37e14941f441a1647532a6ceaa9a
Patch0: 3.4.1-fix-windres-s390x.patch
+# Based on upstream 2be88bd782d9fff46de8e56a99baca523e7917b3
+Patch1: ventana-CVE-2026-48977-3.4.1.patch
BuildRequires: make
BuildRequires: pkgconfig(glib-2.0)
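Review bot: The comment above Patch1 gives only the upstream commit hash. Since it says "Based on" rather than describing a straight cherry-pick, it would help to state what was adapted for 3.4.1 (or that only context was adjusted), and to put the CVE id on that comment line so the spec ties Patch1 to CVE-2026-48977 without relying on the patch file name.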
@@ -53,6 +55,7 @@ with virtual slides.
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
@@ -83,6 +86,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
%changelog
+* Mon Jun 08 2026 Benjamin Gilbert <bgilbert@backtick.net> - 3.4.1-20
+- Fix CVE-2026-48977
+
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.1-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
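Review bot: The changelog entry "- Fix CVE-2026-48977" names the CVE but not what was fixed, so someone reading the package changelog to judge exposure cannot tell which code is affected. Suggest wording along the lines of "Fix CVE-2026-48977: reject invalid tile counts in Ventana slides", which matches the patch file name and the check it adds.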
diff --git a/ventana-CVE-2026-48977-3.4.1.patch b/ventana-CVE-2026-48977-3.4.1.patch
new file mode 100644
index 0000000..0186d72
--- /dev/null
+++ b/ventana-CVE-2026-48977-3.4.1.patch
@@ -0,0 +1,15 @@
+--- a/src/openslide-vendor-ventana.c
++++ b/src/openslide-vendor-ventana.c
+@@ -524,6 +524,12 @@ static struct bif *parse_level0_xml(const char *xml,
+ // get tile counts
+ PARSE_INT_ATTRIBUTE_OR_FAIL(info, ATTR_NUM_COLS, area->tiles_across);
+ PARSE_INT_ATTRIBUTE_OR_FAIL(info, ATTR_NUM_ROWS, area->tiles_down);
++ if (area->tiles_across < 1 || area->tiles_down < 1) {
++ g_set_error(err, OPENSLIDE_ERROR, OPENSLIDE_ERROR_FAILED,
++ "Area has invalid tile count %"PRId64"x%"PRId64,
++ area->tiles_across, area->tiles_down);
++ goto FAIL;
++ }
+
+ // get position
+ // it seems these are always whole numbers, but they are sometimes
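Review bot: The added check in parse_level0_xml bounds the counts from below only ("area->tiles_across < 1 || area->tiles_down < 1"); nothing in this hunk limits how large either value may be, and the PRId64 format specifiers show both fields are 64-bit. If code after this point multiplies the two counts or sizes an allocation from them, please confirm that path is safe for very large values taken from the XML, or add an upper bound alongside this check. Separately, the patch file starts directly at the "---" line with no description; a short header giving the CVE id and the upstream commit would make it self-explanatory outside the spec.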