Hello community, here is the log from the commit of package tiff for openSUSE:11.2 checked in at Mon Mar 14 15:35:09 CET 2011. -------- --- old-versions/11.2/UPDATES/all/tiff/tiff.changes 2010-05-24 11:09:18.000000000 +0200 +++ 11.2/tiff/tiff.changes 2011-03-03 09:28:25.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Feb 17 16:17:08 CET 2011 - pgajdos@suse.cz + +- fixed buffer overflows [bnc#672510] + * CVE-2011-0192.patch + * CVE-2011-0191.patch + +------------------------------------------------------------------- calling whatdependson for 11.2-i586 New: ---- tiff-3.8.2-CVE-2011-0191.patch tiff-3.8.2-CVE-2011-0192.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.sQV9RL/_old 2011-03-14 15:30:09.000000000 +0100 +++ /var/tmp/diff_new_pack.sQV9RL/_new 2011-03-14 15:30:09.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package tiff (Version 3.8.2) +# spec file for package tiff # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ # Url: http://www.remotesensing.org/libtiff/ Version: 3.8.2 -Release: 145.<RELEASE4> +Release: 145.<RELEASE6> Summary: Tools for Converting from and to the Tiff Format Source: tiff-%{version}.tar.bz2 Source1: jpegint.h @@ -44,6 +44,8 @@ Patch9: tiff-3.8.2-lzw-CVE-2009-2285.patch Patch10: tiff-%{version}-CVE-2009-2347.patch Patch11: tiff-%{version}-CVE-2010-1411.patch +Patch12: tiff-%{version}-CVE-2011-0192.patch +Patch13: tiff-%{version}-CVE-2011-0191.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -110,6 +112,8 @@ %patch9 %patch10 -p1 %patch11 -p1 +%patch12 +%patch13 cp %{S:1} libtiff find -type d -name "CVS" | xargs rm -rfv find -type d | xargs chmod 755 ++++++ tiff-3.8.2-CVE-2011-0191.patch ++++++ Index: libtiff/tif_dir.c =================================================================== --- libtiff/tif_dir.c.orig +++ libtiff/tif_dir.c @@ -370,6 +370,10 @@ _TIFFVSetField(TIFF* tif, ttag_t tag, va case TIFFTAG_YCBCRSUBSAMPLING: td->td_ycbcrsubsampling[0] = (uint16) va_arg(ap, int); td->td_ycbcrsubsampling[1] = (uint16) va_arg(ap, int); + if (td->td_ycbcrsubsampling[0] > 4) + td->td_ycbcrsubsampling[0] = (td->td_compression == 7) ? 1 : 2; + if (td->td_ycbcrsubsampling[1] > 4) + td->td_ycbcrsubsampling[1] = (td->td_compression == 7) ? 1 : 2; break; case TIFFTAG_TRANSFERFUNCTION: v = (td->td_samplesperpixel - td->td_extrasamples) > 1 ? 3 : 1; ++++++ tiff-3.8.2-CVE-2011-0192.patch ++++++ Index: libtiff/tif_fax3.h =================================================================== --- libtiff/tif_fax3.h.orig +++ libtiff/tif_fax3.h @@ -478,6 +478,10 @@ done1d: \ break; \ case S_VL: \ CHECK_b1; \ + if (b1 <= (int) (a0 + TabEnt->Param)) { \ + unexpected("VL", a0); \ + goto eol2d; \ + } \ SETVALUE(b1 - a0 - TabEnt->Param); \ b1 -= *--pb; \ break; \ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org