SOURCES: libexif-cve-2007-6351.patch (NEW), libexif-cve-2007-6352....

blues Mon, 24 Dec 2007 01:58:05 -0800

Author: blues                        Date: Mon Dec 24 10:05:23 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- rel.2 - patches from RH: CVE-2007-6351, CVE-2007-6352


---- Files affected:
SOURCES:
   libexif-cve-2007-6351.patch (NONE -> 1.1)  (NEW), 
libexif-cve-2007-6352.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/libexif-cve-2007-6351.patch
diff -u /dev/null SOURCES/libexif-cve-2007-6351.patch:1.1
--- /dev/null   Mon Dec 24 11:05:23 2007
+++ SOURCES/libexif-cve-2007-6351.patch Mon Dec 24 11:05:18 2007
@@ -0,0 +1,13 @@
+diff -up libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 
libexif-0.6.13/libexif/exif-loader.c
+--- libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 2007-12-15 
22:16:06.000000000 -0500
++++ libexif-0.6.13/libexif/exif-loader.c       2007-12-15 22:16:42.000000000 
-0500
+@@ -173,6 +173,9 @@ exif_loader_write (ExifLoader *eld, unsi
+               break;
+       }
+ 
++      if (!len)
++              return 1;
++
+       exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
+                 "Scanning %i byte(s) of data...", len);
+ 

================================================================
Index: SOURCES/libexif-cve-2007-6352.patch
diff -u /dev/null SOURCES/libexif-cve-2007-6352.patch:1.1
--- /dev/null   Mon Dec 24 11:05:23 2007
+++ SOURCES/libexif-cve-2007-6352.patch Mon Dec 24 11:05:18 2007
@@ -0,0 +1,16 @@
+diff -up libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 
libexif-0.6.13/libexif/exif-data.c
+--- libexif-0.6.13/libexif/exif-data.c.cve-2007-6352   2007-12-15 
22:06:15.000000000 -0500
++++ libexif-0.6.13/libexif/exif-data.c 2007-12-15 22:07:27.000000000 -0500
+@@ -285,10 +285,9 @@ static void
+ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
+                              unsigned int ds, ExifLong offset, ExifLong size)
+ {
+-      if (ds < offset + size) {
++      if ((ds < offset + size) || (offset < 0) || (size < 0) || (offset + 
size < offset)) {
+               exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+-                        "Bogus thumbnail offset and size: %i < %i + %i.",
+-                        (int) ds, (int) offset, (int) size);
++                        "Bogus thumbnail offset and size");
+               return;
+       }
+       if (data->data) 
================================================================
_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

SOURCES: libexif-cve-2007-6351.patch (NEW), libexif-cve-2007-6352....

Reply via email to