From 8857c133f6fc4c887eadd4efa2748a7d73803e0a9d2509f2021f70fe02f1671f Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Thu, 26 Jan 2023 07:58:54 +0000
Subject: [PATCH] - security update: * CVE-2022-48281 [bsc#1207413] + tiff-CVE-2022-48281.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=166
---
 tiff-CVE-2022-48281.patch | 13 +++++++++++++
 tiff.changes | 7 +++++++
 tiff.spec | 2 ++
 3 files changed, 22 insertions(+)
 create mode 100644 tiff-CVE-2022-48281.patch
diff --git a/tiff-CVE-2022-48281.patch b/tiff-CVE-2022-48281.patch
new file mode 100644
index 0000000..e5cc027
--- /dev/null
+++ b/tiff-CVE-2022-48281.patch
@@ -0,0 +1,13 @@
+Index: tiff-4.5.0/tools/tiffcrop.c
+===================================================================
+--- tiff-4.5.0.orig/tools/tiffcrop.c
++++ tiff-4.5.0/tools/tiffcrop.c
+@@ -8591,7 +8591,7 @@ static int processCropSelections(struct
+ cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+- prev_cropsize = seg_buffs[0].size;
++ prev_cropsize = seg_buffs[i].size;
+ if (prev_cropsize < cropsize)
+ {
+ next_buff = _TIFFrealloc(
diff --git a/tiff.changes b/tiff.changes
index 669d7f4..bf1d8ce 100644
--- a/tiff.changes
+++ b/tiff.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 26 07:41:55 UTC 2023 - Michael Vetter
+
+- security update:
+ * CVE-2022-48281 [bsc#1207413]
+ + tiff-CVE-2022-48281.patch
+
 -------------------------------------------------------------------
 Wed Jan 4 08:48:13 UTC 2023 - Paolo Stivanin
 
diff --git a/tiff.spec b/tiff.spec
index 3c724f2..8a51e70 100644
--- a/tiff.spec
+++ b/tiff.spec
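Review bot: The new patch file begins directly at `Index: tiff-4.5.0/tools/tiffcrop.c` and carries no header naming the upstream change it was taken from, although the spec tags it PATCH-FIX-UPSTREAM. Someone auditing the package cannot confirm from the file itself that the one-line change to `prev_cropsize = seg_buffs[i].size;` is the whole upstream fix for CVE-2022-48281. I would add a short header above `Index:`, for example `From: <upstream commit URL>`, `Subject: <upstream commit subject>` and `References: CVE-2022-48281, bsc#1207413`. The body of processCropSelections, including the `_TIFFrealloc(` call and whatever updates `seg_buffs[i].size` afterwards, lies outside the hunk, so the per-segment size bookkeeping the fix relies on cannot be checked from here.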
@@ -33,6 +33,8 @@ Source99: tiff.keyring
 Patch0: tiff-4.0.3-seek.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch1: tiff-4.0.3-compress-warning.patch
+# PATCH-FIX-UPSTREAM mvetter@suse.com tiff-CVE-2022-48281.patch -- bsc#1207413
+Patch2: tiff-CVE-2022-48281.patch
 BuildRequires: gcc-c++
 BuildRequires: libjbig-devel
 BuildRequires: libjpeg-devel
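Review bot: Nothing in this commit shows that Patch2 is actually applied: the diffstat lists only two insertions for tiff.spec, and both are the comment and `Patch2:` lines here, so %prep is untouched. If %prep applies patches with `%autosetup -p1` or `%autopatch -p1` that is fine, but if it lists `%patch0`/`%patch1` explicitly, the CVE fix would be declared and silently left out of the build, and a `%patch2 -p1` line is needed. The paths in the patch (`tiff-4.5.0.orig/...` and `tiff-4.5.0/...`) need strip level 1 either way. The %prep section lies outside the hunk.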