From a66d53ca30452717ccac3c6a0c77959d32459c04 Mon Sep 17 00:00:00 2001
From: Josef Ridky
Date: Wed, 8 Feb 2017 15:08:06 +0100
Subject: [PATCH] Resolves: #1419650 - CVE-2017-5849
---
 netpbm-CVE-2017-5849.patch | 12 ++++++++++++
 netpbm.spec | 3 +++
 2 files changed, 15 insertions(+)
 create mode 100644 netpbm-CVE-2017-5849.patch
diff --git a/netpbm-CVE-2017-5849.patch b/netpbm-CVE-2017-5849.patch
new file mode 100644
index 0000000..f2c703b
--- /dev/null
+++ b/netpbm-CVE-2017-5849.patch
@@ -0,0 +1,12 @@
+diff -urpN old/converter/other/tifftopnm.c new/converter/other/tifftopnm.c
+--- old/converter/other/tifftopnm.c 2017-02-08 13:58:14.515058955 +0100
++++ new/converter/other/tifftopnm.c 2017-02-08 14:47:25.684420520 +0100
+@@ -1526,7 +1526,7 @@ convertRasterInMemory(pnmOut *
+ *statusP = CONV_FAILED;
+ } else {
+ int ok;
+- ok = TIFFRGBAImageGet(&img, raster, cols, rows);
++ ok = TIFFRGBAImageGet(&img, raster, rows, cols);
+ TIFFRGBAImageEnd(&img) ;
+ if (!ok) {
+ pm_message("%s", emsg);
diff --git a/netpbm.spec b/netpbm.spec
index 0070b9d..33deacd 100644
--- a/netpbm.spec
+++ b/netpbm.spec
@@ -19,6 +19,7 @@ Patch2: netpbm-ppmfadeusage.patch
 Patch3: netpbm-noppmtompeg.patch
 Patch4: netpbm-CVE-2017-2586.patch
 Patch5: netpbm-CVE-2017-2587.patch
+Patch6: netpbm-CVE-2017-5849.patch
 BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex
 BuildRequires: libX11-devel, perl-generators, python, jasper-devel, libxml2-devel
 BuildRequires: ghostscript-core
@@ -80,6 +81,7 @@ netpbm-doc. You'll also need to install the netpbm-progs package. %patch3 -p1 -b .noppmtompeg %patch4 -p1 -b .CVE-2586 %patch5 -p1 -b .CVE-2587 +%patch6 -p1 -b .CVE-5849 %build ./configure < - 10.77.00-3 - fix CVE-2017-2586, CVE-2017-2587 (#1419545) +- fix CVE-2017-5849 (#1419650) * Mon Jan 23 2017 Josef Ridky - 10.77.00-2 - fix #1404757 - add copyright_summary to doc section
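Review bot: The rewritten call in the embedded tifftopnm.c hunk passes `rows, cols`, but libtiff declares `TIFFRGBAImageGet(TIFFRGBAImage *img, uint32 *raster, uint32 w, uint32 h)`, with width before height. If `cols` is the image width, as its name suggests, the new order transposes the dimensions rather than correcting them, so this security fix may reintroduce the mismatch the CVE describes. The definitions of `cols` and `rows` and the allocation of `raster` are outside the hunk, as is the rest of convertRasterInMemory, so please check them against that prototype before shipping. Whichever order is right, a comment on the call such as `/* libtiff takes (width, height); raster holds cols * rows pixels */` would pin the intent. A regression test that converts a non-square TIFF would catch a swap in either direction.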