From 394faee92223f39b50452d268e3fd4b30b05776e Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> Date: Tue, 29 Jul 2025 14:39:28 +0800 Subject: [PATCH] Fix CVE-2025-2175 --- ...-2174_CVE-2025-2175_CVE-2025-2176_CVE-2025-2177.patch | 0 zvbi.spec | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename CVE-2025-2174_CVE-2025-2176_CVE-2025-2177.patch => CVE-2025-2174_CVE-2025-2175_CVE-2025-2176_CVE-2025-2177.patch (100%) diff --git a/CVE-2025-2174_CVE-2025-2176_CVE-2025-2177.patch b/CVE-2025-2174_CVE-2025-2175_CVE-2025-2176_CVE-2025-2177.patch similarity index 100% rename from CVE-2025-2174_CVE-2025-2176_CVE-2025-2177.patch rename to CVE-2025-2174_CVE-2025-2175_CVE-2025-2176_CVE-2025-2177.patch diff --git a/zvbi.spec b/zvbi.spec index 41844c9..b16d3d2 100644 --- a/zvbi.spec +++ b/zvbi.spec @@ -1,6 +1,6 @@ Name: zvbi Version: 0.2.35 -Release: 9 +Release: 10 Summary: A library provides functions to capture and decode VBI data License: LGPLv2+ and GPLv2+ and BSD URL: http://zapping.sourceforge.net/ZVBI/index.html @@ -9,7 +9,7 @@ Source0: http://downloads.sourceforge.net/zapping/%{name}-%{version}. Patch0001: %{name}-0.2.24-tvfonts.patch Patch0002: %{name}-0.2.25-openfix.patch Patch0003: CVE-2025-2173.patch -Patch0004: CVE-2025-2174_CVE-2025-2176_CVE-2025-2177.patch +Patch0004: CVE-2025-2174_CVE-2025-2175_CVE-2025-2176_CVE-2025-2177.patch BuildRequires: gcc-c++ doxygen fontconfig gettext >= 0.16.1 libpng-devel BuildRequires: libICE-devel xorg-x11-font-utils systemd-units @@ -136,6 +136,11 @@ fi %{_mandir}/man1/* %changelog +* Tue Jul 29 2025 yaoxin <1024769339@qq.com> - 0.2.35-10 +- Fix CVE-2025-2175 +- Rename CVE-2025-2174_CVE-2025-2176_CVE-2025-2177.patch to + CVE-2025-2174_CVE-2025-2175_CVE-2025-2176_CVE-2025-2177.patch + * Tue Mar 18 2025 yaoxin <1024769339@qq.com> - 0.2.35-9 - Fix CVE-2025-2173,CVE-2025-2174,CVE-2025-2176 and CVE-2025-2177 -- Gitee