Author: draenog                      Date: Fri Sep  5 14:37:31 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- fix CVE-2006-2193, tiff2pdf buffer overflow; taken from Fedora

---- Files affected:
SOURCES:
   libtiff-CVE-2006-2193.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/libtiff-CVE-2006-2193.patch
diff -u /dev/null SOURCES/libtiff-CVE-2006-2193.patch:1.1
--- /dev/null   Fri Sep  5 16:37:31 2008
+++ SOURCES/libtiff-CVE-2006-2193.patch Fri Sep  5 16:37:25 2008
@@ -0,0 +1,11 @@
+--- tiff-3.8.2/tools/tiff2pdf.c.CVE-2006-2193  2006-03-21 17:42:51.000000000 
+0100
++++ tiff-3.8.2/tools/tiff2pdf.c        2006-09-05 10:47:51.000000000 +0200
+@@ -3668,7 +3668,7 @@
+       written += TIFFWriteFile(output, (tdata_t) "(", 1);
+       for (i=0;i<len;i++){
+               if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
+-                      sprintf(buffer, "\\%.3o", pdfstr[i]);
++                      snprintf(buffer, sizeof(buffer), "\\%.3o", (unsigned 
char) pdfstr[i]);
+                       written += TIFFWriteFile(output, (tdata_t) buffer, 4);
+               } else {
+                       switch (pdfstr[i]){
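Review bot: On the added snprintf line, `sizeof(buffer)` only bounds the write if `buffer` is an array in this scope; its declaration is not visible in the hunk, so confirm it is not a pointer and that it holds at least 5 bytes (backslash, three octal digits, terminating NUL). The next line still writes a fixed 4 bytes from `buffer` without looking at snprintf's return value, so a too-small buffer would now truncate silently rather than overflow. The `(unsigned char)` cast is the substantive part of the fix: the guard `pdfstr[i]&0x80` sends high-bit bytes into this branch, and where `char` is signed those promote to negative ints that `%.3o` prints with far more than three digits. A one-line comment saying so would keep the cast from being dropped in a later cleanup.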
================================================================
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
