fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file (RHEL-17337)

note:intentionaly spec file change only, no patch yet, for infra testing

Resolves: RHEL-17337
This commit is contained in:
Michal Hlavinka 2025-04-22 16:58:19 +02:00
parent 3fc1a85f8a
commit 22b43237f8

View File

@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files
Name: libtiff
Version: 4.4.0
Release: 13%{?dist}
Release: 14%{?dist}
License: libtiff
URL: http://www.simplesystems.org/libtiff/
@ -39,6 +39,9 @@ Patch0022: 0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch
# from upstream, for <=4.6.0, RHEL-52931
# https://gitlab.com/libtiff/libtiff/-/commit/3705f82b6483c7906cf08cd6b9dcdcd59c61d779
Patch23: libtiff-4.6.0-CVE-2024-7006.patch
# from upstream, for <=4.6.0, RHEL-17337
# https://gitlab.com/libtiff/libtiff/-/merge_requests/546.patch
Patch24: libtiff-4.4.0-CVE-2023-52356.patch
BuildRequires: gcc, gcc-c++
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
@ -191,6 +194,9 @@ find html -name 'Makefile*' | xargs rm
%{_mandir}/man1/*
%changelog
* Tue Apr 22 2025 Michal Hlavinka <mhlavink@redhat.com> - 4.4.0-14
- fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file (RHEL-17337)
* Wed Aug 21 2024 Michal Hlavinka <mhlavink@redhat.com> - 4.4.0-13
- fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52931)