fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file (RHEL-17337)
note:intentionaly spec file change only, no patch yet, for infra testing Resolves: RHEL-17337
This commit is contained in:
parent
3fc1a85f8a
commit
22b43237f8
@ -1,7 +1,7 @@
|
||||
Summary: Library of functions for manipulating TIFF format image files
|
||||
Name: libtiff
|
||||
Version: 4.4.0
|
||||
Release: 13%{?dist}
|
||||
Release: 14%{?dist}
|
||||
License: libtiff
|
||||
URL: http://www.simplesystems.org/libtiff/
|
||||
|
||||
@ -39,6 +39,9 @@ Patch0022: 0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch
|
||||
# from upstream, for <=4.6.0, RHEL-52931
|
||||
# https://gitlab.com/libtiff/libtiff/-/commit/3705f82b6483c7906cf08cd6b9dcdcd59c61d779
|
||||
Patch23: libtiff-4.6.0-CVE-2024-7006.patch
|
||||
# from upstream, for <=4.6.0, RHEL-17337
|
||||
# https://gitlab.com/libtiff/libtiff/-/merge_requests/546.patch
|
||||
Patch24: libtiff-4.4.0-CVE-2023-52356.patch
|
||||
|
||||
BuildRequires: gcc, gcc-c++
|
||||
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
|
||||
@ -191,6 +194,9 @@ find html -name 'Makefile*' | xargs rm
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Tue Apr 22 2025 Michal Hlavinka <mhlavink@redhat.com> - 4.4.0-14
|
||||
- fix CVE-2023-52356: libtiff could crash in TIFFReadRGBATileExt when parsing crafted tiff file (RHEL-17337)
|
||||
|
||||
* Wed Aug 21 2024 Michal Hlavinka <mhlavink@redhat.com> - 4.4.0-13
|
||||
- fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52931)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user