Hello community,
here is the log from the commit of package tiff for openSUSE:11.2
checked in at Fri Apr 15 17:03:36 CEST 2011.
--------
--- old-versions/11.2/UPDATES/all/tiff/tiff.changes 2011-03-31 23:07:12.000000000 +0200
+++ 11.2/tiff/tiff.changes 2011-04-14 16:51:09.000000000 +0200
@@ -1,0 +2,5 @@
+Thu Apr 14 16:49:14 CEST 2011 - pgajdos@suse.cz
+
+- fixed integer overflow CVE-2010-4665 [bnc#687442]
+
+-------------------------------------------------------------------
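Review bot: The changelog line "- fixed integer overflow CVE-2010-4665 [bnc#687442]" does not say which component is affected. The patch description later in this commit says the fix makes tiffdump stricter about the count field of a directory entry, so the entry should name tiffdump, for example "- fixed integer overflow in tiffdump CVE-2010-4665 [bnc#687442]", so that readers of the changelog can tell the change is in the tool.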
calling whatdependson for 11.2-i586
New:
----
tiff-3.8.2-CVE-2010-4665.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tiff.spec ++++++
--- /var/tmp/diff_new_pack.3E2k0s/_old 2011-04-15 17:03:12.000000000 +0200
+++ /var/tmp/diff_new_pack.3E2k0s/_new 2011-04-15 17:03:12.000000000 +0200
@@ -29,7 +29,7 @@
#
Url: http://www.remotesensing.org/libtiff/
Version: 3.8.2
-Release: 145.<RELEASE148>
+Release: 145.<RELEASE150>
Summary: Tools for Converting from and to the Tiff Format
Source: tiff-%{version}.tar.bz2
Source1: jpegint.h
@@ -47,6 +47,7 @@
Patch12: tiff-%{version}-CVE-2011-0192.patch
Patch13: tiff-%{version}-CVE-2011-0191.patch
Patch14: tiff-3.8.2-CVE-2011-1167.patch
+Patch15: tiff-3.8.2-CVE-2010-4665.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
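Review bot: The new Patch15 line hard-codes the version in the file name ("tiff-3.8.2-CVE-2010-4665.patch"), while Patch12 and Patch13 directly above use "tiff-%{version}-...". Patch14 already hard-codes it too, so the list now mixes both forms. Choose one convention for the patch names; the hard-coded form has the advantage that the patch files need no renaming on a version bump.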
@@ -116,6 +117,7 @@
%patch12
%patch13
%patch14
+%patch15
cp %{S:1} libtiff
find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755
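Review bot: The added %patch15 applies a patch whose own header reads "diff -Naur tiff-3.9.4.orig/tools/tiffdump.c tiff-3.9.4/tools/tiffdump.c", but the spec builds Version 3.8.2. Confirm in the build log that the hunk applies to tools/tiffdump.c in the 3.8.2 tree without fuzz or offset, and that the count check lands in the same code path it was written for. A short comment in the spec or the patch header noting that this is a backport from 3.9.4 would also help.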
++++++ tiff-3.8.2-CVE-2010-4665.patch ++++++
http://bugzilla.maptools.org/attachment.cgi?id=398
Make tiffdump more paranoid about checking the count field of a directory
entry.
diff -Naur tiff-3.9.4.orig/tools/tiffdump.c tiff-3.9.4/tools/tiffdump.c
--- tools/tiffdump.c 2010-06-08 14:50:44.000000000 -0400
+++ tools/tiffdump.c 2010-06-22 12:51:42.207932477 -0400
@@ -46,6 +46,7 @@
# include