Hello community,
here is the log from the commit of package tiff for openSUSE:11.3
checked in at Fri Apr 15 17:04:30 CEST 2011.
--------
--- old-versions/11.3/UPDATES/all/tiff/tiff.changes 2011-03-31 23:07:33.000000000 +0200
+++ 11.3/tiff/tiff.changes 2011-04-14 16:51:30.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Apr 14 16:48:26 CEST 2011 - pgajdos@suse.cz
+
+- fixed following vulnerabilities:
+ * integer overflow CVE-2010-4665 [bnc#687442]
+ * buffer overflow CVE-2009-5022 [bnc#687441]
+
+-------------------------------------------------------------------
calling whatdependson for 11.3-i586
New:
----
tiff-3.9.2-CVE-2009-5022.patch
tiff-3.9.2-CVE-2010-4665.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tiff.spec ++++++
--- /var/tmp/diff_new_pack.1Vaf5w/_old 2011-04-15 17:03:57.000000000 +0200
+++ /var/tmp/diff_new_pack.1Vaf5w/_new 2011-04-15 17:03:57.000000000 +0200
@@ -29,7 +29,7 @@
#
Url: http://www.remotesensing.org/libtiff/
Version: 3.9.2
-Release: 5.<RELEASE8>
+Release: 5.<RELEASE10>
Summary: Tools for Converting from and to the Tiff Format
Source: tiff-%{version}.tar.bz2
Source2: README.SUSE
@@ -46,6 +46,8 @@
Patch11: tiff-%{version}-CVE-2011-0192.patch
Patch12: tiff-%{version}-CVE-2011-0191.patch
Patch13: tiff-3.9.2-CVE-2011-1167.patch
+Patch14: tiff-3.9.2-CVE-2010-4665.patch
+Patch15: tiff-3.9.2-CVE-2009-5022.patch
# FYI: this issue is solved another way
# http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
# Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch
@@ -117,6 +119,8 @@
%patch11
%patch12
%patch13
+%patch14
+%patch15
find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755
++++++ tiff-3.9.2-CVE-2009-5022.patch ++++++
http://bugzilla.maptools.org/show_bug.cgi?id=1999#c2 and diff between 3.9.5 and 3.9.4
Index: tiff-3.9.4/libtiff/tif_ojpeg.c
===================================================================
--- libtiff/tif_ojpeg.c
+++ libtiff/tif_ojpeg.c
@@ -1555,6 +1555,11 @@ OJPEGReadHeaderInfoSecStreamSof(TIFF* ti
TIFFErrorExt(tif->tif_clientdata,module,"JPEG compressed data indicates unexpected width");
return(0);
}
+ if ((uint32)p>sp->strile_width)
+ {
+ TIFFErrorExt(tif->tif_clientdata,module,"JPEG compressed data image width exceeds expected image width");
+ return(0);
+ }
sp->sof_x=p;
}
/* Nf: Number of image components in frame */
++++++ tiff-3.9.2-CVE-2010-4665.patch ++++++
http://bugzilla.maptools.org/attachment.cgi?id=398
Make tiffdump more paranoid about checking the count field of a directory
entry.
diff -Naur tiff-3.9.4.orig/tools/tiffdump.c tiff-3.9.4/tools/tiffdump.c
--- tools/tiffdump.c 2010-06-08 14:50:44.000000000 -0400
+++ tools/tiffdump.c 2010-06-22 12:51:42.207932477 -0400
@@ -46,6 +46,7 @@
# include