Hello community, here is the log from the commit of package tiff for openSUSE:11.3 checked in at Mon Mar 14 15:35:44 CET 2011.
-------- --- old-versions/11.3/UPDATES/all/tiff/tiff.changes 2010-09-06 15:24:42.000000000 +0200 +++ 11.3/tiff/tiff.changes 2011-03-03 09:29:00.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Feb 17 15:54:23 CET 2011 - pgaj...@suse.cz + +- fixed buffer overflows [bnc#672510] + * CVE-2011-0192.patch + * CVE-2011-0191.patch + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- tiff-3.9.2-CVE-2011-0191.patch tiff-3.9.2-CVE-2011-0192.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.Fxcrht/_old 2011-03-14 15:35:24.000000000 +0100 +++ /var/tmp/diff_new_pack.Fxcrht/_new 2011-03-14 15:35:24.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package tiff (Version 3.9.2) +# spec file for package tiff # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ # Url: http://www.remotesensing.org/libtiff/ Version: 3.9.2 -Release: 5.<RELEASE2> +Release: 5.<RELEASE4> Summary: Tools for Converting from and to the Tiff Format Source: tiff-%{version}.tar.bz2 Source2: README.SUSE @@ -43,6 +43,8 @@ Patch8: tiff-%{version}-dirread-oob-unknown-tags.patch Patch9: tiff-%{version}-scanlinesize.patch Patch10: tiff-%{version}-dont-fancy-upsampling.patch +Patch11: tiff-%{version}-CVE-2011-0192.patch +Patch12: tiff-%{version}-CVE-2011-0191.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch @@ -111,6 +113,8 @@ %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 +%patch12 find -type d -name "CVS" | xargs rm -rfv find -type d | xargs chmod 755 ++++++ tiff-3.9.2-CVE-2011-0191.patch ++++++ Index: libtiff/tif_dir.c =================================================================== --- libtiff/tif_dir.c.orig +++ libtiff/tif_dir.c @@ -370,6 +370,10 @@ _TIFFVSetField(TIFF* tif, ttag_t tag, va case TIFFTAG_YCBCRSUBSAMPLING: td->td_ycbcrsubsampling[0] = (uint16) va_arg(ap, int); td->td_ycbcrsubsampling[1] = (uint16) va_arg(ap, int); + if (td->td_ycbcrsubsampling[0] > 4) + td->td_ycbcrsubsampling[0] = (td->td_compression == 7) ? 1 : 2; + if (td->td_ycbcrsubsampling[1] > 4) + td->td_ycbcrsubsampling[1] = (td->td_compression == 7) ? 1 : 2; break; case TIFFTAG_TRANSFERFUNCTION: v = (td->td_samplesperpixel - td->td_extrasamples) > 1 ? 3 : 1; ++++++ tiff-3.9.2-CVE-2011-0192.patch ++++++ Index: libtiff/tif_fax3.h =================================================================== --- libtiff/tif_fax3.h.orig +++ libtiff/tif_fax3.h @@ -478,6 +478,10 @@ done1d: \ break; \ case S_VL: \ CHECK_b1; \ + if (b1 <= (int) (a0 + TabEnt->Param)) { \ + unexpected("VL", a0); \ + goto eol2d; \ + } \ SETVALUE(b1 - a0 - TabEnt->Param); \ b1 -= *--pb; \ break; \ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org