Resolves: #1472888 - fix CVE-2017-1000050
This commit is contained in:
Josef Ridky
parent
afe878c123
commit
3dd700edaf
15
jasper-2.0.12-CVE-2017-1000050.patch
Normal file
15
jasper-2.0.12-CVE-2017-1000050.patch
Normal file
@ -0,0 +1,15 @@
|
||||
diff -urNp old/src/libjasper/jp2/jp2_enc.c new/src/libjasper/jp2/jp2_enc.c
|
||||
--- old/src/libjasper/jp2/jp2_enc.c 2017-08-25 12:49:46.242889564 +0200
|
||||
+++ new/src/libjasper/jp2/jp2_enc.c 2017-08-25 12:56:41.041654317 +0200
|
||||
@@ -115,6 +115,11 @@ int jp2_encode(jas_image_t *image, jas_s
|
||||
iccstream = 0;
|
||||
iccprof = 0;
|
||||
|
||||
+ if (jas_image_numcmpts(image) < 1) {
|
||||
+ jas_eprintf("image must have at least one component\n");
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
allcmptssame = 1;
|
||||
sgnd = jas_image_cmptsgnd(image, 0);
|
||||
prec = jas_image_cmptprec(image, 0);
|
||||
@ -7,7 +7,7 @@ Summary: Implementation of the JPEG-2000 standard, Part 1
|
||||
Name: jasper
|
||||
Group: System Environment/Libraries
|
||||
Version: 2.0.12
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
|
||||
%if "%{version}" > "1.900.1"
|
||||
%define ext .tar.gz
|
||||
@ -23,6 +23,7 @@ Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}%{ext}
|
||||
# during the memory allocations
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
|
||||
Patch1: jasper-1.900.1-CVE-2008-3520.patch
|
||||
Patch2: jasper-2.0.12-CVE-2017-1000050.patch
|
||||
|
||||
# architecture related patches
|
||||
Patch100: jasper-2.0.2-test-ppc64-disable.patch
|
||||
@ -73,6 +74,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%patch1 -p1 -b .CVE-2008-3520
|
||||
%patch2 -p1 -b .CVE-2017-1000050
|
||||
|
||||
# Need to disable one test to be able to build it on ppc64 arch
|
||||
# At ppc64 this test just stuck (nothing happend - no exception or error)
|
||||
@ -150,6 +152,9 @@ popd
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Aug 25 2017 Josef Ridky <jridky@redhat.com> - 2.0.12-4
|
||||
- CVE-2017-1000050 jasper: NULL pointer exception in jp2_encode() (#1472888)
|
||||
|
||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.12-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
@ -162,7 +167,7 @@ popd
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.10-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Thu Jan 17 2017 Josef Ridky <jridky@redhat.com> - 2.0.10-1
|
||||
* Tue Jan 17 2017 Josef Ridky <jridky@redhat.com> - 2.0.10-1
|
||||
- New upstream release 2.0.10 (#1403401)
|
||||
|
||||
* Thu Dec 1 2016 Josef Ridky <jridky@redhat.com> - 2.0.2-1
|
||||
|
||||
Loading…
Reference in New Issue
Block a user