[rpms/openslide] epel8: Fix CVE-2026-48977

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/openslide] epel8: Fix CVE-2026-48977
@ 2026-06-08  8:25 Benjamin Gilbert
  0 siblings, 0 replies; only message in thread
From: Benjamin Gilbert @ 2026-06-08  8:25 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/openslide
Branch : epel8
Commit : b80c4a7a9687d5c90dff5ec5dffdce2d625f3fd9
Author : Benjamin Gilbert <bgilbert@backtick.net>
Date   : 2026-06-08T03:03:12-05:00
Stats  : +22/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/openslide/c/b80c4a7a9687d5c90dff5ec5dffdce2d625f3fd9?branch=epel8

Log:
Fix CVE-2026-48977

---
diff --git a/openslide.spec b/openslide.spec
index 79ed374..313bcfa 100644
--- a/openslide.spec
+++ b/openslide.spec
@@ -1,6 +1,6 @@
 Name:		openslide
 Version:	3.4.1
-Release:	19%{?dist}
+Release:	20%{?dist}
 Summary:	C library for reading virtual slides
 
 License:	LGPLv2
@@ -8,6 +8,8 @@ URL:		http://openslide.org/
 Source0:	https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
 # Based on upstream a3153fa9fb8e37e14941f441a1647532a6ceaa9a
 Patch0:		3.4.1-fix-windres-s390x.patch
+# Based on upstream 2be88bd782d9fff46de8e56a99baca523e7917b3
+Patch1:		ventana-CVE-2026-48977-3.4.1.patch
 
 BuildRequires: make
 BuildRequires:	pkgconfig(glib-2.0)
@@ -53,6 +55,7 @@ with virtual slides.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 
 %build
@@ -83,6 +86,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
 
 
 %changelog
+* Mon Jun 08 2026 Benjamin Gilbert <bgilbert@backtick.net> - 3.4.1-20
+- Fix CVE-2026-48977
+
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.1-19
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 

diff --git a/ventana-CVE-2026-48977-3.4.1.patch b/ventana-CVE-2026-48977-3.4.1.patch
new file mode 100644
index 0000000..0186d72
--- /dev/null
+++ b/ventana-CVE-2026-48977-3.4.1.patch
@@ -0,0 +1,15 @@
+--- a/src/openslide-vendor-ventana.c
++++ b/src/openslide-vendor-ventana.c
+@@ -524,6 +524,12 @@ static struct bif *parse_level0_xml(const char *xml,
+     // get tile counts
+     PARSE_INT_ATTRIBUTE_OR_FAIL(info, ATTR_NUM_COLS, area->tiles_across);
+     PARSE_INT_ATTRIBUTE_OR_FAIL(info, ATTR_NUM_ROWS, area->tiles_down);
++    if (area->tiles_across < 1 || area->tiles_down < 1) {
++      g_set_error(err, OPENSLIDE_ERROR, OPENSLIDE_ERROR_FAILED,
++                  "Area has invalid tile count %"PRId64"x%"PRId64,
++                  area->tiles_across, area->tiles_down);
++      goto FAIL;
++    }
+ 
+     // get position
+     // it seems these are always whole numbers, but they are sometimes

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-08  8:25 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-08  8:25 [rpms/openslide] epel8: Fix CVE-2026-48977 Benjamin Gilbert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox