- fixed buffer overflow [bnc#672510]

* CVE-2011-0192.patch OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=25
2011-03-03 08:30:27 +00:00 · 2011-03-03 08:30:27 +00:00 · 3dac520e7f
commit 3dac520e7f
parent 0578ae6cd1
3 changed files with 23 additions and 0 deletions
--- a/tiff-3.9.4-CVE-2011-0192.patch
+++ b/tiff-3.9.4-CVE-2011-0192.patch
@ -0,0 +1,15 @@
+Index: libtiff/tif_fax3.h
+===================================================================
+--- libtiff/tif_fax3.h.orig
+++ libtiff/tif_fax3.h
+@@ -478,6 +478,10 @@ done1d:									\
+ 	    break;							\
+ 	case S_VL:							\
+ 	    CHECK_b1;							\
+            if (b1 <= (int) (a0 + TabEnt->Param)) {                     \
+              unexpected("VL", a0);                                     \
+              goto eol2d;                                               \
+            }                                                           \
+ 	    SETVALUE(b1 - a0 - TabEnt->Param);				\
+ 	    b1 -= *--pb;						\
+ 	    break;							\
--- a/tiff.changes
+++ b/tiff.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb 17 15:40:54 CET 2011 - pgajdos@suse.cz
+
+- fixed buffer overflow [bnc#672510]
+  * CVE-2011-0192.patch
+
 -------------------------------------------------------------------
 Mon Sep  6 14:56:09 CEST 2010 - pgajdos@suse.cz

--- a/tiff.spec
+++ b/tiff.spec
@ -40,6 +40,7 @@ Patch6:         tiff-%{version}-oob-read.patch
 Patch7:         tiff-%{version}-getimage-64bit.patch
 Patch8:         tiff-%{version}-scanlinesize.patch
 Patch9:         tiff-%{version}-dont-fancy-upsampling.patch
+Patch10:        tiff-%{version}-CVE-2011-0192.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
@ -105,6 +106,7 @@ the libtiff library.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755