OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=100

tiff-CVE-2016-10271.patch

@@ -0,0 +1,11 @@
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8* buf)
+                                   (unsigned long) strip, (unsigned long)rows);
+                         return 0;
+                 }
+-                bufp += bytes_read;
++                bufp += stripsize;
+         }
+ 
+         return 1;

tiff.changes

@@ -24,6 +24,11 @@ Wed Mar 29 07:55:02 UTC 2017 - fstrba@suse.com
       attackers to cause a denial of service (heap-based buffer
       over-read) or possibly have unspecified other impact via a
       crafted TIFF image (bsc#1031250)
+  * tiff-CVE-2016-10271.patch
+    + Upstream fix for CVE-2016-10271, LibTIFF 4.0.7 allows remote
+	  attackers to cause a denial of service (heap-based buffer
+	  over-read and buffer overflow) or possibly have unspecified
+	  other impact via a crafted TIFF image (bsc#1031249)
   * tiff-CVE-2016-10272.patch
     + Upstream fix for CVE-2016-10272, LibTIFF 4.0.7 allows remote
 	  attackers to cause a denial of service (heap-based buffer

tiff.spec

@@ -43,6 +43,7 @@ Patch7:         tiff-CVE-2016-10267.patch
 Patch8:         tiff-CVE-2016-10268.patch
 Patch9:         tiff-CVE-2016-10269.patch
 Patch10:        tiff-CVE-2016-10270.patch
+Patch11:        tiff-CVE-2016-10271.patch
 Patch12:        tiff-CVE-2016-10272.patch
 
 BuildRequires:  gcc-c++
@@ -115,6 +116,7 @@ the libtiff library.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 %patch12 -p1
 
 %build