- security update:

* CVE-2022-48281 [bsc#1207413] + tiff-CVE-2022-48281.patch OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=166
2023-01-26 07:58:54 +00:00 · 2023-01-26 07:58:54 +00:00 · 8857c133f6
commit 8857c133f6
parent d5facc88d0
3 changed files with 22 additions and 0 deletions
--- a/tiff-CVE-2022-48281.patch
+++ b/tiff-CVE-2022-48281.patch
@ -0,0 +1,13 @@
+Index: tiff-4.5.0/tools/tiffcrop.c
+===================================================================
+--- tiff-4.5.0.orig/tools/tiffcrop.c
+++ tiff-4.5.0/tools/tiffcrop.c
+@@ -8591,7 +8591,7 @@ static int processCropSelections(struct
+                     cropsize + NUM_BUFF_OVERSIZE_BYTES);
+             else
+             {
+-                prev_cropsize = seg_buffs[0].size;
+                prev_cropsize = seg_buffs[i].size;
+                 if (prev_cropsize < cropsize)
+                 {
+                     next_buff = _TIFFrealloc(
--- a/tiff.changes
+++ b/tiff.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 26 07:41:55 UTC 2023 - Michael Vetter <mvetter@suse.com>
+
+- security update:
+  * CVE-2022-48281 [bsc#1207413]
+    + tiff-CVE-2022-48281.patch
+
 -------------------------------------------------------------------
 Wed Jan  4 08:48:13 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>

--- a/tiff.spec
+++ b/tiff.spec
@ -33,6 +33,8 @@ Source99:       tiff.keyring
 Patch0:         tiff-4.0.3-seek.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch1:         tiff-4.0.3-compress-warning.patch
+# PATCH-FIX-UPSTREAM mvetter@suse.com tiff-CVE-2022-48281.patch -- bsc#1207413
+Patch2:         tiff-CVE-2022-48281.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libjbig-devel
 BuildRequires:  libjpeg-devel