rpms/libtiff/F-10 libtiff-3.8.2-lzw-bugs.patch, 1.1, 1.2 libtiff.spec, 1.52, 1.53

Tom Lane tgl at fedoraproject.org
Wed Jul 1 15:29:03 UTC 2009


Author: tgl

Update of /cvs/pkgs/rpms/libtiff/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30222

Modified Files:
	libtiff-3.8.2-lzw-bugs.patch libtiff.spec 
Log Message:
Fix for CVE-2009-2285

libtiff-3.8.2-lzw-bugs.patch:

Index: libtiff-3.8.2-lzw-bugs.patch
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/F-10/libtiff-3.8.2-lzw-bugs.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- libtiff-3.8.2-lzw-bugs.patch	26 Aug 2008 15:52:30 -0000	1.1
+++ libtiff-3.8.2-lzw-bugs.patch	1 Jul 2009 15:29:02 -0000	1.2
@@ -1,4 +1,4 @@
-Fixes for CVE-2008-2327
+Fixes for CVE-2008-2327 and CVE-2009-2285
 
 
 diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
@@ -27,7 +27,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_l
  			NextCode(tif, sp, bp, code, GetNextCode);
  			if (code == CODE_EOI)
  				break;
-+			if (code == CODE_CLEAR) {
++			if (code >= CODE_CLEAR) {
 +				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
 +				"LZWDecode: Corrupted LZW table at scanline %d",
 +				tif->tif_row);
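Review bot: The widened guard `if (code >= CODE_CLEAR)` just after the `CODE_EOI` check has no comment saying why every non-literal code is rejected here, and the matching guard in the LZWDecodeCompat hunk has the same gap. Judging by the surrounding lines this looks like the first code read after a clear, when the string table has no entries yet, though the start of that branch is outside the hunk. A comment such as `/* table was just reset, so only a literal code (< CODE_CLEAR) is valid here */` would stop a later cleanup from narrowing the test back to `==`. The message still reads "Corrupted LZW table" although the condition now also catches out-of-range codes, so it may be worth reporting the value as well, e.g. `"LZWDecode: Corrupted LZW table at scanline %d (code %d)"` with `code` passed after `tif->tif_row`. The rest of the error branch and the enclosing decode loop are outside the hunk.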
@@ -47,7 +47,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_l
  			NextCode(tif, sp, bp, code, GetNextCodeCompat);
  			if (code == CODE_EOI)
  				break;
-+			if (code == CODE_CLEAR) {
++			if (code >= CODE_CLEAR) {
 +				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
 +				"LZWDecodeCompat: Corrupted LZW table at scanline %d",
 +				tif->tif_row);


Index: libtiff.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/F-10/libtiff.spec,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -p -r1.52 -r1.53
--- libtiff.spec	26 Aug 2008 15:52:30 -0000	1.52
+++ libtiff.spec	1 Jul 2009 15:29:03 -0000	1.53
@@ -1,10 +1,10 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 3.8.2
-Release: 11%{?dist}
+Release: 13%{?dist}
 License: libtiff
 Group: System Environment/Libraries
-URL: http://www.libtiff.org/
+URL: http://www.remotesensing.org/libtiff/
 
 Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
 Patch0: tiffsplit-overflow.patch
@@ -157,6 +157,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/*.a
 
 %changelog
+* Wed Jul  1 2009 Tom Lane <tgl at redhat.com> 3.8.2-13
+- Fix some more LZW decoding vulnerabilities (CVE-2009-2285)
+Related: #507465
+- Update upstream URL
+
 * Tue Aug 26 2008 Tom Lane <tgl at redhat.com> 3.8.2-11
 - Fix LZW decoding vulnerabilities (CVE-2008-2327)
 Related: #458674



