[libtiff/f19] Added upstream patches for CVE-2013-4244 (#996468)
Petr Hracek
phracek at fedoraproject.org
Mon Sep 2 10:22:09 UTC 2013
commit cafdc12bde35bd3f7280d27dfd7c46465677c536
Author: Petr Hracek <phracek at redhat.com>
Date: Mon Sep 2 12:21:53 2013 +0200
Added upstream patches for CVE-2013-4244 (#996468)
libtiff-CVE-2013-4244.patch | 15 +++++++++++++++
libtiff.spec | 8 +++++++-
2 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/libtiff-CVE-2013-4244.patch b/libtiff-CVE-2013-4244.patch
new file mode 100644
index 0000000..792e076
--- /dev/null
+++ b/libtiff-CVE-2013-4244.patch
@@ -0,0 +1,15 @@
+diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c
+index 375b152..2731273 100644
+--- a/tools/gif2tiff.c
++++ b/tools/gif2tiff.c
+@@ -402,6 +402,10 @@ process(register int code, unsigned char** fill)
+ }
+
+ if (oldcode == -1) {
++ if (code >= clear) {
++ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++ return 0;
++ }
+ *(*fill)++ = suffix[code];
+ firstchar = oldcode = code;
+ return 1;
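Review bot: In the `oldcode == -1` branch of process(), the error text says the code "is larger than" clear, but the test is `code >= clear`, so an input with code equal to clear is rejected with a message that misdescribes it. Rewording it to something like "is not less than clear" would fix that. The guard also covers only the upper bound before `suffix[code]` is read; if code can be negative at this point, a `code < 0` test belongs in the same condition. The new `return 0` only helps if the callers of process() check its return value. This hunk does not show them, so that is worth confirming.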
diff --git a/libtiff.spec b/libtiff.spec
index 74e699c..cf920e9 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files
Name: libtiff
Version: 4.0.3
-Release: 8%{?dist}
+Release: 9%{?dist}
License: libtiff
Group: System Environment/Libraries
@@ -19,6 +19,7 @@ Patch6: libtiff-CVE-2013-1961.patch
Patch7: libtiff-manpage-update.patch
Patch8: libtiff-CVE-2013-4231.patch
Patch9: libtiff-CVE-2013-4232.patch
+Patch10: libtiff-CVE-2013-4244.patch
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
BuildRequires: libtool automake autoconf pkgconfig
@@ -79,6 +80,7 @@ image files using the libtiff library.
%patch7 -p1
%patch8 -p1
%patch9 -p1
+%patch10 -p1
# Use build system's libtool.m4, not the one in the package.
rm -f libtool.m4
@@ -182,6 +184,10 @@ find html -name 'Makefile*' | xargs rm
%{_mandir}/man1/*
%changelog
+* Mon Aug 19 2013 Petr Hracek <phracek at redhat.com> 4.0.3-9
+- Add upstream patches for CVE-2013-4244
+Resolves: #996468
+
* Wed Aug 14 2013 Petr Hracek <phracek at redhat.com> 4.0.3-8
- Add upstream patches for CVE-2013-4231 CVE-2013-4232
Resolves: #995965 #995975
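Review bot: The new %changelog entry is dated Mon Aug 19 2013, while the commit itself is dated Mon Sep 2 2013; if the 4.0.3-9 build is being made with this commit, the entry date should match it. The entry also says "patches" although the spec gains a single file, Patch10.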