- update upstream URL
- Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Related:
#511015
This commit is contained in:
parent
121475f5fb
commit
1aa6993d5e
@ -1,4 +1,4 @@
|
||||
Fixes for CVE-2008-2327
|
||||
Fixes for CVE-2008-2327 and CVE-2009-2285
|
||||
|
||||
|
||||
diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
|
||||
@ -27,7 +27,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
|
||||
NextCode(tif, sp, bp, code, GetNextCode);
|
||||
if (code == CODE_EOI)
|
||||
break;
|
||||
+ if (code == CODE_CLEAR) {
|
||||
+ if (code >= CODE_CLEAR) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
|
||||
+ "LZWDecode: Corrupted LZW table at scanline %d",
|
||||
+ tif->tif_row);
|
||||
@ -47,7 +47,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
|
||||
NextCode(tif, sp, bp, code, GetNextCodeCompat);
|
||||
if (code == CODE_EOI)
|
||||
break;
|
||||
+ if (code == CODE_CLEAR) {
|
||||
+ if (code >= CODE_CLEAR) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
|
||||
+ "LZWDecodeCompat: Corrupted LZW table at scanline %d",
|
||||
+ tif->tif_row);
|
||||
|
||||
@ -7,10 +7,10 @@
|
||||
Summary: MinGW Windows port of the LibTIFF library
|
||||
Name: mingw32-libtiff
|
||||
Version: 3.8.2
|
||||
Release: 16%{?dist}
|
||||
Release: 17%{?dist}
|
||||
License: libtiff
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.libtiff.org/
|
||||
URL: http://www.remotesensing.org/libtiff/
|
||||
|
||||
Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
|
||||
Patch0: tiffsplit-overflow.patch
|
||||
@ -77,6 +77,11 @@ rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jul 13 2009 Michael Ploujnikov <ploujj@gmail.com> - 3.8.2-17
|
||||
- update upstream URL
|
||||
- Fix some more LZW decoding vulnerabilities (CVE-2009-2285)
|
||||
Related: #511015
|
||||
|
||||
* Mon Jun 8 2009 Michael Ploujnikov <ploujj@gmail.com> - 3.8.2-16
|
||||
- add mingw32-gcc-c++ to the BuildRequirements
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user