[mingw-libtiff: 4/18] - update upstream URL - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Related: #511

Kalev Lember kalev at fedoraproject.org
Tue Mar 6 19:47:22 UTC 2012


commit 1aa6993d5e03254c5bb397efdcb63df5354c4592
Author: plouj <plouj at fedoraproject.org>
Date:   Mon Jul 13 23:09:30 2009 +0000

    - update upstream URL
    - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Related:
        #511015

 libtiff-3.8.2-lzw-bugs.patch |    6 +++---
 mingw32-libtiff.spec         |    9 +++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)
---
diff --git a/libtiff-3.8.2-lzw-bugs.patch b/libtiff-3.8.2-lzw-bugs.patch
index 874e5e3..a0d46f2 100644
--- a/libtiff-3.8.2-lzw-bugs.patch
+++ b/libtiff-3.8.2-lzw-bugs.patch
@@ -1,4 +1,4 @@
-Fixes for CVE-2008-2327
+Fixes for CVE-2008-2327 and CVE-2009-2285
 
 
 diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
@@ -27,7 +27,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
  			NextCode(tif, sp, bp, code, GetNextCode);
  			if (code == CODE_EOI)
  				break;
-+			if (code == CODE_CLEAR) {
++			if (code >= CODE_CLEAR) {
 +				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
 +				"LZWDecode: Corrupted LZW table at scanline %d",
 +				tif->tif_row);
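Review bot: In the LZWDecode branch, the widened test `code >= CODE_CLEAR` carries no comment explaining why every code at or above CODE_CLEAR is invalid at this point, and the patch header only gained a CVE number. Since CODE_EOI already breaks out on the line above, this branch now rejects CODE_CLEAR and every other code at or above it; a one-line comment saying so would keep a later rebase from narrowing the test back to `==`.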
@@ -47,7 +47,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
  			NextCode(tif, sp, bp, code, GetNextCodeCompat);
  			if (code == CODE_EOI)
  				break;
-+			if (code == CODE_CLEAR) {
++			if (code >= CODE_CLEAR) {
 +				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
 +				"LZWDecodeCompat: Corrupted LZW table at scanline %d",
 +				tif->tif_row);
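Review bot: The LZWDecodeCompat error text still reads "Corrupted LZW table" and reports only tif->tif_row, so with the `>=` test a log line cannot distinguish a repeated CODE_CLEAR from an out-of-range code. Consider adding the offending code value to the message, here and in the matching LZWDecode branch, so rejected files are easier to triage.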
diff --git a/mingw32-libtiff.spec b/mingw32-libtiff.spec
index 4a75cdc..c5f4846 100644
--- a/mingw32-libtiff.spec
+++ b/mingw32-libtiff.spec
@@ -7,10 +7,10 @@
 Summary: MinGW Windows port of the LibTIFF library
 Name: mingw32-libtiff
 Version: 3.8.2
-Release: 16%{?dist}
+Release: 17%{?dist}
 License: libtiff
 Group: System Environment/Libraries
-URL: http://www.libtiff.org/
+URL: http://www.remotesensing.org/libtiff/
 
 Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
 Patch0: tiffsplit-overflow.patch
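Review bot: The new URL and the unchanged Source line both use unauthenticated transports (http and ftp), and nothing in this hunk pins the tarball contents. Worth confirming that a checksum for tiff-%{version}.tar.gz is recorded elsewhere in the package and matches the file served from ftp.remotesensing.org.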
@@ -77,6 +77,11 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Mon Jul 13 2009 Michael Ploujnikov <ploujj at gmail.com> - 3.8.2-17
+- update upstream URL
+- Fix some more LZW decoding vulnerabilities (CVE-2009-2285)
+Related: #511015
+
 * Mon Jun 8 2009 Michael Ploujnikov <ploujj at gmail.com> - 3.8.2-16
 - add mingw32-gcc-c++ to the BuildRequirements
 
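Review bot: In the new 3.8.2-17 changelog entry, "Related: #511015" sits on its own line without the "- " prefix the other items use, and it does not say which tracker the number belongs to. Fold it into the previous item or give it its own "- " line, and name libtiff-3.8.2-lzw-bugs.patch as the file that was updated.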

