Hello community,

here is the log from the commit of package tiff for openSUSE:11.4
checked in at Mon Mar 14 15:44:11 CET 2011.



--------
--- old-versions/11.4/all/tiff/tiff.changes     2010-09-06 15:07:08.000000000 
+0200
+++ 11.4/tiff/tiff.changes      2011-03-03 09:54:26.000000000 +0100
@@ -1,0 +2,6 @@
+Thu Mar  3 09:36:49 CET 2011 - pgaj...@suse.cz
+
+- fixed buffer overflow [bnc#672510]
+  * CVE-2011-0192.patch
+
+-------------------------------------------------------------------
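
Review bot: The bullet on the "+  * CVE-2011-0192.patch" line does not match the file actually added, which is listed under "New:" as tiff-3.9.4-CVE-2011-0192.patch. Use the full file name so the entry can be matched against the spec's Patch10 line. The "fixed buffer overflow" line also does not say where the overflow is. Since the patch touches only libtiff/tif_fax3.h, naming that file (and putting the CVE id in the description line next to bnc#672510) would make the entry searchable on its own.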

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/tiff
Destination is old-versions/11.4/UPDATES/all/tiff
calling whatdependson for 11.4-i586


New:
----
  tiff-3.9.4-CVE-2011-0192.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tiff.spec ++++++
--- /var/tmp/diff_new_pack.BGdSct/_old  2011-03-14 15:43:40.000000000 +0100
+++ /var/tmp/diff_new_pack.BGdSct/_new  2011-03-14 15:43:40.000000000 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package tiff (Version 3.9.4)
+# spec file for package tiff
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
 #
 Url:            http://www.remotesensing.org/libtiff/
 Version:        3.9.4
-Release:        2
+Release:        3.<RELEASE2>
 Summary:        Tools for Converting from and to the Tiff  Format
 Source:         tiff-%{version}.tar.bz2
 Source2:        README.SUSE
@@ -40,6 +40,7 @@
 Patch7:         tiff-%{version}-getimage-64bit.patch
 Patch8:         tiff-%{version}-scanlinesize.patch
 Patch9:         tiff-%{version}-dont-fancy-upsampling.patch
+Patch10:        tiff-%{version}-CVE-2011-0192.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
@@ -105,6 +106,7 @@
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755
 

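Review bot: "%patch10" is the only patch application in this hunk without an explicit strip level, while %patch7, %patch8 and %patch9 all pass -p1. The new patch's paths are written as libtiff/tif_fax3.h with no leading directory, so it does have to apply at strip level 0, but relying on the default hides that difference from the next person who refreshes the patch set. Either write "%patch10 -p0" or regenerate the patch with a leading directory component so it can use -p1 like the others.
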
++++++ tiff-3.9.4-CVE-2011-0192.patch ++++++
Index: libtiff/tif_fax3.h
===================================================================
--- libtiff/tif_fax3.h.orig
+++ libtiff/tif_fax3.h
@@ -478,6 +478,10 @@ done1d:                                                    
                \
            break;                                                      \
        case S_VL:                                                      \
            CHECK_b1;                                                   \
+            if (b1 <= (int) (a0 + TabEnt->Param)) {                     \
+              unexpected("VL", a0);                                     \
+              goto eol2d;                                               \
+            }                                                           \
            SETVALUE(b1 - a0 - TabEnt->Param);                          \
            b1 -= *--pb;                                                \
            break;                                                      \
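
Review bot: The new guard in the S_VL case uses "<=", so it rejects b1 == a0 + TabEnt->Param as well as the b1 < a0 + TabEnt->Param case. With equality the following SETVALUE(b1 - a0 - TabEnt->Param) would receive 0, not a negative run length, so please confirm that treating a zero-length run as "unexpected" is intended and does not reject input the decoder accepted before. If only the negative case is the overflow, "<" is the narrower check. A short comment above the "if" saying that a negative run length is what the check prevents, plus a note on why the sum is cast to int for the comparison, would help. The patch also carries no description header or upstream reference, which the changelog's bnc#672510 could supply.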

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
