fix CVE-2007-6351 and CVE-2007-6352
This commit is contained in:
Matthias Clasen
parent
17b1ff9fcf
commit
3a16cdcbef
13
cve-2007-6351.patch
Normal file
13
cve-2007-6351.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff -up libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 libexif-0.6.13/libexif/exif-loader.c
|
||||
--- libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 2007-12-15 22:16:06.000000000 -0500
|
||||
+++ libexif-0.6.13/libexif/exif-loader.c 2007-12-15 22:16:42.000000000 -0500
|
||||
@@ -173,6 +173,9 @@ exif_loader_write (ExifLoader *eld, unsi
|
||||
break;
|
||||
}
|
||||
|
||||
+ if (!len)
|
||||
+ return 1;
|
||||
+
|
||||
exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
|
||||
"Scanning %i byte(s) of data...", len);
|
||||
|
||||
16
cve-2007-6352.patch
Normal file
16
cve-2007-6352.patch
Normal file
@ -0,0 +1,16 @@
|
||||
diff -up libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 libexif-0.6.13/libexif/exif-data.c
|
||||
--- libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 2007-12-15 22:06:15.000000000 -0500
|
||||
+++ libexif-0.6.13/libexif/exif-data.c 2007-12-15 22:07:27.000000000 -0500
|
||||
@@ -285,10 +285,9 @@ static void
|
||||
exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
|
||||
unsigned int ds, ExifLong offset, ExifLong size)
|
||||
{
|
||||
- if (ds < offset + size) {
|
||||
+ if ((ds < offset + size) || (offset < 0) || (size < 0) || (offset + size < offset)) {
|
||||
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
|
||||
- "Bogus thumbnail offset and size: %i < %i + %i.",
|
||||
- (int) ds, (int) offset, (int) size);
|
||||
+ "Bogus thumbnail offset and size");
|
||||
return;
|
||||
}
|
||||
if (data->data)
|
||||
11
libexif.spec
11
libexif.spec
@ -1,13 +1,15 @@
|
||||
Summary: Library for extracting extra information from image files
|
||||
Name: libexif
|
||||
Version: 0.6.15
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Group: System Environment/Libraries
|
||||
License: LGPLv2+
|
||||
URL: http://libexif.sourceforge.net/
|
||||
Source0: libexif-%{version}.tar.bz2
|
||||
Source1: libexif-docs.tar.gz
|
||||
Patch0: libexif-cve-2007-4168.patch
|
||||
Patch1: cve-2007-6351.patch
|
||||
Patch2: cve-2007-6352.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: doxygen
|
||||
|
||||
@ -29,6 +31,9 @@ for writing programs that use libexif.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .cve-2007-4168
|
||||
%patch1 -p1 -b .cve-2007-6351
|
||||
%patch2 -p1 -b .cve-2007-6352
|
||||
|
||||
# to avoid multilib conflicts, we toss in pre-generated docs
|
||||
# and neuter make all in the docs dir
|
||||
tar xzf %{SOURCE1}
|
||||
@ -67,6 +72,10 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/pkgconfig/libexif.pc
|
||||
|
||||
%changelog
|
||||
* Sat Dec 15 2007 Matthias Clasen <mclasen@redhat.com> - 0.6.15-5
|
||||
- Add patch for CVE-2007-6351. Fixes bug #425641
|
||||
- Add patch for CVE-2007-6352. Fixes bug #425641
|
||||
|
||||
* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 0.6.15-4
|
||||
- Rebuild for selinux ppc32 issue.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user