[libtiff/f18] Added upstream patches for CVE-2013-4244 (#996468)

Petr Hracek phracek at fedoraproject.org
Mon Sep 2 11:30:53 UTC 2013


commit 2272dac945a6e5d8ca8a9fc03314e5bcefbef869
Author: Petr Hracek <phracek at redhat.com>
Date:   Mon Sep 2 13:30:17 2013 +0200

    Added upstream patches for CVE-2013-4244 (#996468)

 libtiff-CVE-2013-4244.patch |   15 +++++++++++++++
 libtiff.spec                |    8 +++++++-
 2 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/libtiff-CVE-2013-4244.patch b/libtiff-CVE-2013-4244.patch
new file mode 100644
index 0000000..792e076
--- /dev/null
+++ b/libtiff-CVE-2013-4244.patch
@@ -0,0 +1,15 @@
+diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c
+index 375b152..2731273 100644
+--- a/tools/gif2tiff.c
++++ b/tools/gif2tiff.c
+@@ -402,6 +402,10 @@ process(register int code, unsigned char** fill)
+     }
+ 
+     if (oldcode == -1) {
++        if (code >= clear) {
++            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++            return 0;
++        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;
diff --git a/libtiff.spec b/libtiff.spec
index 99d1f04..619f1aa 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,7 +1,7 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 4.0.3
-Release: 8%{?dist}
+Release: 9%{?dist}
 
 License: libtiff
 Group: System Environment/Libraries
@@ -19,6 +19,7 @@ Patch6: libtiff-CVE-2013-1961.patch
 Patch7: libtiff-manpage-update.patch
 Patch8: libtiff-CVE-2013-4231.patch
 Patch9: libtiff-CVE-2013-4232.patch
+Patch10: libtiff-CVE-2013-4244.patch
 
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires: libtool automake autoconf pkgconfig
@@ -79,6 +80,7 @@ image files using the libtiff library.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@@ -182,6 +184,10 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*
 
 %changelog
+* Mon Aug 19 2013 Petr Hracek <phracek at redhat.com> 4.0.3-9
+- Add upstream patches for CVE-2013-4244
+Resolves: #996468
+
 * Wed Aug 14 2013 Petr Hracek <phracek at redhat.com> 4.0.3-8
 - Bump version
 


More information about the scm-commits mailing list