rpms/dcraw
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2017-14608

Browse Source
This commit is contained in:
Josef Ridky 2018-07-11 11:33:49 +02:00
parent edd0d92579
commit 63afa2c448
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
dcraw-CVE-2017-14608.patch Normal file
View File

@ -0,0 +1,21 @@
diff -urNp old/dcraw.c new/dcraw.c
--- old/dcraw.c 2018-07-11 10:53:51.141803505 +0200
+++ new/dcraw.c 2018-07-11 11:30:08.850528389 +0200
@@ -2627,8 +2627,15 @@ void CLASS kodak_65000_load_raw()
len = MIN (256, width-col);
ret = kodak_65000_decode (buf, len);
for (i=0; i < len; i++)
- if ((RAW(row,col+i) = curve[ret ? buf[i] :
- (pred[i & 1] += buf[i])]) >> 12) derror();
+ {
+ int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
+ if(idx >=0 && idx <= 0xffff)
+ {
+ if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
+ }
+ else
+ derror();
+ }
}
}

2
dcraw.spec
View File

@ -8,6 +8,7 @@ Source0: http://cybercom.net/~dcoffin/dcraw/archive/dcraw-%{version}.tar.gz
Patch0: dcraw-9.21-lcms2-error-reporting.patch Patch0: dcraw-9.21-lcms2-error-reporting.patch
Patch1: dcraw-CVE-2018-5801.patch Patch1: dcraw-CVE-2018-5801.patch
Patch2: dcraw-CVE-2017-13735.patch Patch2: dcraw-CVE-2017-13735.patch
Patch3: dcraw-CVE-2017-14608.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: gettext BuildRequires: gettext
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
@ -68,6 +69,7 @@ done
%changelog %changelog
* Wed Jul 11 2018 Josef Ridky <jridky@redhat.com> - 9.28.0-2 * Wed Jul 11 2018 Josef Ridky <jridky@redhat.com> - 9.28.0-2
- Fix CVE-2017-13735 (#1488932) - Fix CVE-2017-13735 (#1488932)
- Fix CVE-2017-14608 (#1499687)
* Thu Jun 14 2018 Josef Ridky <jridky@redhat.com> - 9.28.0-1 * Thu Jun 14 2018 Josef Ridky <jridky@redhat.com> - 9.28.0-1
- New upstream release 9.28.0 (#1585348) - New upstream release 9.28.0 (#1585348)