Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2022-08-02 22:08:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tiff" Tue Aug 2 22:08:37 2022 rev:85 rq:992028 version:4.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2022-07-07 12:56:29.755245706 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new.1533/tiff.changes 2022-08-02 22:08:45.569697694 +0200 @@ -1,0 +2,7 @@ +Mon Aug 1 12:06:01 UTC 2022 - Michael Vetter <mvetter@suse.com> + +- security update: + * CVE-2022-34526 [bsc#1202026] + + tiff-CVE-2022-34526.patch + +------------------------------------------------------------------- New: ---- tiff-CVE-2022-34526.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.Qn9sjp/_old 2022-08-02 22:08:46.113699262 +0200 +++ /var/tmp/diff_new_pack.Qn9sjp/_new 2022-08-02 22:08:46.117699274 +0200 @@ -34,6 +34,7 @@ # http://bugzilla.maptools.org/show_bug.cgi?id=2442 Patch1: tiff-4.0.3-compress-warning.patch Patch2: tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch +Patch3: tiff-CVE-2022-34526.patch BuildRequires: gcc-c++ BuildRequires: libjbig-devel BuildRequires: libjpeg-devel @@ -74,6 +75,7 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build CFLAGS="%{optflags} -fPIE" ++++++ tiff-CVE-2022-34526.patch ++++++ Index: tiff-4.4.0/libtiff/tif_dirinfo.c =================================================================== --- tiff-4.4.0.orig/libtiff/tif_dirinfo.c +++ tiff-4.4.0/libtiff/tif_dirinfo.c 
@@ -1191,6 +1191,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif default: return 1; } + if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) { + return 0; + } /* Check if codec specific tags are allowed for the current * compression scheme (codec) */ switch (tif->tif_dir.td_compression) {
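Review bot: The tiff.changes entry gives only "CVE-2022-34526 [bsc#1202026]" and the patch file name, with no word on what is being fixed. Add a short description to the entry, for example that the patch adds a codec check to _TIFFCheckFieldIsValidForCodec in libtiff/tif_dirinfo.c, so the changelog can be read without opening the bug.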
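Review bot: In the tiff.spec hunk, the new "Patch3: tiff-CVE-2022-34526.patch" line carries no reference comment, while the context above it shows a bug-tracker URL comment ("# http://bugzilla.maptools.org/show_bug.cgi?id=2442") next to the older patches. Put a comment line above Patch3 naming bsc#1202026 or the upstream source of the patch, so the origin of the change can be traced from the spec file itself.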
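Review bot: In the tif_dirinfo.c hunk, the new early return "if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) { return 0; }" in _TIFFCheckFieldIsValidForCodec is undocumented, and the existing comment "Check if codec specific tags are allowed for the current compression scheme (codec)" now sits below it and reads as if it covered only the second switch. Move that comment above the new check or add a line of its own stating that codec-specific tags are reported as not valid when the codec for td_compression is not configured. The placement after the first switch means tags that reach "default: return 1;" are unaffected, which is worth stating in the same comment so the ordering is not changed by accident later.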