diff --git a/CVE-2022-40961.patch b/CVE-2022-40961.patch new file mode 100644 index 0000000000000000000000000000000000000000..6e25a110205d8aadfa82f9995243f0ef1993abaa --- /dev/null +++ b/CVE-2022-40961.patch @@ -0,0 +1,28 @@ +From 0bebe37e1dbae3b7bfe171fbc5bfbb1f8397858f Mon Sep 17 00:00:00 2001 +From: Jamie Nicol +Date: Thu, 18 Aug 2022 12:57:47 +0000 (21 months ago) +Subject: [PATCH] CVE-2022-40961 + +--- + widget/GfxDriverInfo.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/widget/GfxDriverInfo.h b/widget/GfxDriverInfo.h +index 82b3b77d73..1a5dcbe215 100644 +--- a/widget/GfxDriverInfo.h ++++ b/widget/GfxDriverInfo.h +@@ -431,7 +431,10 @@ inline bool SplitDriverVersion(const char* aSource, char* aAStr, char* aBStr, + + // Add last terminator. + MOZ_ASSERT(destIdx < 4 && destPos <= 4); +- dest[destIdx][destPos] = 0; ++ dest[destIdx][destPos] = 0; ++ for (int unusedDestIdx = destIdx + 1; unusedDestIdx < 4; unusedDestIdx++) { ++ dest[unusedDestIdx][0] = 0; ++ } + + if (destIdx != 3) { + return false; +-- +2.27.0 + diff --git a/firefox.spec b/firefox.spec index 338ed90fe50af5136721718b493714013a543058..d3a4d05831c49217643d9d3af4774d78fa45d285 100644 --- a/firefox.spec +++ b/firefox.spec @@ -148,7 +148,7 @@ Summary: Mozilla Firefox Web browser Name: firefox Version: 102.15.0 -Release: 6 +Release: 7 URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ @@ -246,6 +246,7 @@ Patch429: CVE-2023-5217.patch Patch430: CVE-2023-7104.patch Patch431: CVE-2022-3479.patch Patch432: CVE-2023-44488.patch +Patch433: CVE-2022-40961.patch # PGO/LTO patches Patch600: pgo.patch @@ -545,6 +546,7 @@ to run Firefox explicitly on X11. %patch430 -p1 %patch431 -p1 %patch432 -p1 +%patch433 -p1 # PGO patches %if %{build_with_pgo} @@ -1139,6 +1141,8 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %endif %changelog +* Mon May 13 2024 lvfei - 102.15.0-7 +- Fix CVE-2022-40961 * Tue Apr 23 2024 wangkai <13474090681@163.com> - 102.15.0-6 - Fix CVE-2023-44488