Hello community,

here is the log from the commit of package tiff for openSUSE:Factory checked in at 2023-01-27 10:15:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tiff (Old)
 and      /work/SRC/openSUSE:Factory/.tiff.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Fri Jan 27 10:15:21 2023 rev:89 rq:1061126 version:4.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2023-01-11 14:33:01.284542137 +0100 +++ /work/SRC/openSUSE:Factory/.tiff.new.32243/tiff.changes 2023-01-27 10:23:14.201751890 +0100 @@ -1,0 +2,7 @@ +Thu Jan 26 07:41:55 UTC 2023 - Michael Vetter <mvet...@suse.com> + +- security update: + * CVE-2022-48281 [bsc#1207413] + + tiff-CVE-2022-48281.patch + +------------------------------------------------------------------- New: ---- tiff-CVE-2022-48281.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.pMDeqX/_old 2023-01-27 10:23:14.665754399 +0100 +++ /var/tmp/diff_new_pack.pMDeqX/_new 2023-01-27 10:23:14.669754421 +0100 @@ -33,6 +33,8 @@ Patch0: tiff-4.0.3-seek.patch # http://bugzilla.maptools.org/show_bug.cgi?id=2442 Patch1: tiff-4.0.3-compress-warning.patch +# PATCH-FIX-UPSTREAM mvet...@suse.com tiff-CVE-2022-48281.patch -- bsc#1207413 +Patch2: tiff-CVE-2022-48281.patch BuildRequires: gcc-c++ BuildRequires: libjbig-devel BuildRequires: libjpeg-devel ++++++ tiff-CVE-2022-48281.patch ++++++ Index: tiff-4.5.0/tools/tiffcrop.c =================================================================== --- tiff-4.5.0.orig/tools/tiffcrop.c +++ tiff-4.5.0/tools/tiffcrop.c @@ -8591,7 +8591,7 @@ static int processCropSelections(struct cropsize + NUM_BUFF_OVERSIZE_BYTES); else { - prev_cropsize = seg_buffs[0].size; + prev_cropsize = seg_buffs[i].size; if (prev_cropsize < cropsize) { next_buff = _TIFFrealloc(
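Review bot: in the tiff.changes hunk, the new entry names only the CVE id, the bsc number and the patch file, and does not say which part of the package is affected. The patch touches processCropSelections in tools/tiffcrop.c, so adding that to the entry would tell a reader the issue is in the tiffcrop tool without opening the patch.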
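Review bot: in the tiff.spec hunk, the comment above Patch2 is tagged PATCH-FIX-UPSTREAM but gives no upstream commit or issue reference, whereas the comment above Patch1 carries a bugzilla URL. Adding the upstream link next to bsc#1207413 would let the next maintainer verify the backport and tell when the patch can be dropped.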
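Review bot: in the tools/tiffcrop.c hunk of tiff-CVE-2022-48281.patch, please confirm that the code after the changed line writes the new size back to seg_buffs[i].size once the _TIFFrealloc succeeds, and that the reallocated size includes NUM_BUFF_OVERSIZE_BYTES as the allocation in the preceding branch does. The visible context stops at the "_TIFFrealloc(" call, so neither can be checked from the hunk alone. Comparing cropsize against seg_buffs[i].size rather than seg_buffs[0].size is the right check for the buffer being reused, but it only holds if the stored size stays in step with the actual allocation. The patch file also starts directly at the Index: line with no description header, so a short summary and origin line at the top would help.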