Add upstream patches for CVE-2013-4231 CVE-2013-4232

libtiff-CVE-2013-4231.patch

@@ -0,0 +1,15 @@
+diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c
+index 17f7a19..375b152 100644
+--- a/tools/gif2tiff.c
++++ b/tools/gif2tiff.c
+@@ -333,6 +333,10 @@ readraster(void)
+     int status = 1;
+ 
+     datasize = getc(infile);
++
++    if (datasize > 12)
++        return 0;
++
+     clear = 1 << datasize;
+     eoi = clear + 1;
+     avail = clear + 2;

libtiff-CVE-2013-4232.patch

@@ -0,0 +1,12 @@
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+index 92a1a3d..312a946 100644
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -2462,6 +2462,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){
+ 					TIFFFileName(input));
+ 				t2p->t2p_error = T2P_ERR_ERROR;
+ 			  _TIFFfree(buffer);
++			  return(0);
+ 			} else {
+ 				buffer=samplebuffer;
+ 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;

libtiff.spec

@@ -1,7 +1,7 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 4.0.3
-Release: 8%{?dist}
+Release: 9%{?dist}
 
 License: libtiff
 Group: System Environment/Libraries
@@ -17,6 +17,8 @@ Patch4: libtiff-jpeg-test.patch
 Patch5: libtiff-CVE-2013-1960.patch
 Patch6: libtiff-CVE-2013-1961.patch
 Patch7: libtiff-manpage-update.patch
+Patch8: libtiff-CVE-2013-4231.patch
+Patch9: libtiff-CVE-2013-4232.patch
 
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires: libtool automake autoconf pkgconfig
@@ -75,6 +77,8 @@ image files using the libtiff library.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@@ -178,6 +182,10 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*
 
 %changelog
+* Wed Aug 14 2013 Petr Hracek <phracek@redhat.com> 4.0.3-9
+- Add upstream patches for CVE-2013-4231 CVE-2013-4232
+Resolves: #995965 #995975
+
 * Mon Aug 12 2013 Petr Hracek <phracek@redhat.com> - 4.0.3-8
 - Manpage fixing (#510240, #510258)