Hello community,
here is the log from the commit of package tiff for openSUSE:11.4
checked in at Fri Apr 15 17:04:48 CEST 2011.
--------
--- old-versions/11.4/UPDATES/all/tiff/tiff.changes 2011-03-31 23:08:09.000000000 +0200
+++ 11.4/tiff/tiff.changes 2011-04-14 16:49:07.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Apr 14 16:45:19 CEST 2011 - pgajdos@suse.cz
+
+- fixed following vulnerabilities:
+ * integer overflow CVE-2010-4665 [bnc#687442]
+ * buffer overflow CVE-2009-5022 [bnc#687441]
+
+-------------------------------------------------------------------
calling whatdependson for 11.4-i586
New:
----
tiff-3.9.4-CVE-2009-5022.patch
tiff-3.9.4-CVE-2010-4665.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tiff.spec ++++++
--- /var/tmp/diff_new_pack.TVTVNS/_old 2011-04-15 17:04:36.000000000 +0200
+++ /var/tmp/diff_new_pack.TVTVNS/_new 2011-04-15 17:04:36.000000000 +0200
@@ -29,7 +29,7 @@
#
Url: http://www.remotesensing.org/libtiff/
Version: 3.9.4
-Release: 3.<RELEASE5>
+Release: 3.<RELEASE7>
Summary: Tools for Converting from and to the Tiff Format
Source: tiff-%{version}.tar.bz2
Source2: README.SUSE
@@ -42,6 +42,8 @@
Patch9: tiff-%{version}-dont-fancy-upsampling.patch
Patch10: tiff-%{version}-CVE-2011-0192.patch
Patch11: tiff-%{version}-CVE-2011-1167.patch
+Patch12: tiff-3.9.4-CVE-2010-4665.patch
+Patch13: tiff-3.9.4-CVE-2009-5022.patch
# FYI: this issue is solved another way
# http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
# Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch
@@ -109,6 +111,8 @@
%patch9 -p1
%patch10
%patch11
+%patch12
+%patch13
find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755
++++++ tiff-3.9.4-CVE-2009-5022.patch ++++++
http://bugzilla.maptools.org/show_bug.cgi?id=1999#c2 and diff between 3.9.5 and 3.9.4
Index: tiff-3.9.4/libtiff/tif_ojpeg.c
===================================================================
--- libtiff/tif_ojpeg.c
+++ libtiff/tif_ojpeg.c
@@ -1555,6 +1555,11 @@ OJPEGReadHeaderInfoSecStreamSof(TIFF* ti
TIFFErrorExt(tif->tif_clientdata,module,"JPEG compressed data indicates unexpected width");
return(0);
}
+ if ((uint32)p>sp->strile_width)
+ {
+ TIFFErrorExt(tif->tif_clientdata,module,"JPEG compressed data image width exceeds expected image width");
+ return(0);
+ }
sp->sof_x=p;
}
/* Nf: Number of image components in frame */
++++++ tiff-3.9.4-CVE-2010-4665.patch ++++++
http://bugzilla.maptools.org/attachment.cgi?id=398
Make tiffdump more paranoid about checking the count field of a directory
entry.
diff -Naur tiff-3.9.4.orig/tools/tiffdump.c tiff-3.9.4/tools/tiffdump.c
--- tools/tiffdump.c 2010-06-08 14:50:44.000000000 -0400
+++ tools/tiffdump.c 2010-06-22 12:51:42.207932477 -0400
@@ -46,6 +46,7 @@
# include