- security update:

* CVE-2022-48281 [bsc#1207413]
    + tiff-CVE-2022-48281.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=166

tiff-CVE-2022-48281.patch

@@ -0,0 +1,13 @@
+Index: tiff-4.5.0/tools/tiffcrop.c
+===================================================================
+--- tiff-4.5.0.orig/tools/tiffcrop.c
++++ tiff-4.5.0/tools/tiffcrop.c
+@@ -8591,7 +8591,7 @@ static int processCropSelections(struct
+                     cropsize + NUM_BUFF_OVERSIZE_BYTES);
+             else
+             {
+-                prev_cropsize = seg_buffs[0].size;
++                prev_cropsize = seg_buffs[i].size;
+                 if (prev_cropsize < cropsize)
+                 {
+                     next_buff = _TIFFrealloc(

tiff.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 26 07:41:55 UTC 2023 - Michael Vetter <mvetter@suse.com>
+
+- security update:
+  * CVE-2022-48281 [bsc#1207413]
+    + tiff-CVE-2022-48281.patch
+
 -------------------------------------------------------------------
 Wed Jan  4 08:48:13 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
 

tiff.spec

@@ -33,6 +33,8 @@ Source99:       tiff.keyring
 Patch0:         tiff-4.0.3-seek.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch1:         tiff-4.0.3-compress-warning.patch
+# PATCH-FIX-UPSTREAM mvetter@suse.com tiff-CVE-2022-48281.patch -- bsc#1207413
+Patch2:         tiff-CVE-2022-48281.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libjbig-devel
 BuildRequires:  libjpeg-devel