[libjpeg-turbo/f19] Apply fixes CVE-2013-6629, CVE-2013-6630 (#1031737)
Petr Hracek
phracek at fedoraproject.org
Thu Dec 19 15:11:47 UTC 2013
commit 4ded7e17f9a05e01765a5ae3c9bff3ab5c677618
Author: Petr Hracek <phracek at redhat.com>
Date: Thu Dec 19 16:08:16 2013 +0100
Apply fixes CVE-2013-6629, CVE-2013-6630 (#1031737)
libjpeg-turbo-CVE-2013-6629.patch | 17 +++++++++++++++++
libjpeg-turbo-CVE-2013-6630.patch | 12 ++++++++++++
libjpeg-turbo.spec | 9 ++++++++-
3 files changed, 37 insertions(+), 1 deletions(-)
---
diff --git a/libjpeg-turbo-CVE-2013-6629.patch b/libjpeg-turbo-CVE-2013-6629.patch
new file mode 100644
index 0000000..1ee5fbe
--- /dev/null
+++ b/libjpeg-turbo-CVE-2013-6629.patch
@@ -0,0 +1,17 @@
+diff --git a/jdmarker.c b/jdmarker.c
+index 77f7274..7b4c12d 100644
+--- a/jdmarker.c
++++ b/jdmarker.c
+@@ -348,6 +348,12 @@ get_sos (j_decompress_ptr cinfo)
+
+ TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
+ compptr->dc_tbl_no, compptr->ac_tbl_no);
++
++ /* This CSi (cc) should differ from the previous CSi */
++ for (ci = 0; ci < i; ci++) {
++ if (cinfo->cur_comp_info[ci] == compptr)
++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
++ }
+ }
+
+ /* Collect the additional scan parameters Ss, Se, Ah/Al. */
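Review bot: the comment on the new loop in get_sos speaks of CSi values, while the test `cinfo->cur_comp_info[ci] == compptr` compares component pointers. The comment should say why pointer equality is the right test for a repeated component selector, so a later reader does not swap it for a comparison on cc without checking that the two are equivalent.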
diff --git a/libjpeg-turbo-CVE-2013-6630.patch b/libjpeg-turbo-CVE-2013-6630.patch
new file mode 100644
index 0000000..a398278
--- /dev/null
+++ b/libjpeg-turbo-CVE-2013-6630.patch
@@ -0,0 +1,12 @@
+diff --git a/jdmarker.c b/jdmarker.c
+index 7b4c12d..381835b 100644
+--- a/jdmarker.c
++++ b/jdmarker.c
+@@ -471,6 +471,7 @@ get_dht (j_decompress_ptr cinfo)
+ for (i = 0; i < count; i++)
+ INPUT_BYTE(cinfo, huffval[i], return FALSE);
+
++ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
+ length -= count;
+
+ if (index & 0x10) { /* AC table definition */
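Review bot: the length in the added MEMZERO, `(256 - count) * SIZEOF(UINT8)`, is only valid if count has already been limited to 256 before this line, and no such check is visible in this hunk. Please confirm the bound is enforced earlier in get_dht, and consider deriving the length from the declared size of huffval instead of the literal 256. A one-line comment saying why the unread tail of huffval is cleared would also help the next reader.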
diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec
index 5ce6c38..3bb7ee4 100644
--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
@@ -1,6 +1,6 @@
Name: libjpeg-turbo
Version: 1.2.90
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: A MMX/SSE2 accelerated library for manipulating JPEG image files
Group: System Environment/Libraries
@@ -25,6 +25,8 @@ Provides: libjpeg%{_isa} = 6b-47%{?dist}
%endif
Patch0: libjpeg-turbo12-noinst.patch
+Patch1: libjpeg-turbo-CVE-2013-6629.patch
+Patch2: libjpeg-turbo-CVE-2013-6630.patch
%description
The libjpeg-turbo package contains a library of functions for manipulating
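Review bot: Patch1 and Patch2 are declared with no comment saying where each fix came from, and the two patch files themselves start directly at `diff --git` with no description. Add a comment line above each entry giving the origin of the patch and the bug reference (#1031737), so that whoever rebases the package next can tell whether a newer release already contains these changes.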
@@ -92,6 +94,8 @@ will manipulate JPEG files using the TurboJPEG library.
%setup -q
%patch0 -p1 -b .noinst
+%patch1 -p1 -b .CVE-2013-6629
+%patch2 -p1 -b .CVE-2013-6630
%build
autoreconf -fiv
@@ -165,6 +169,9 @@ make test
%{_libdir}/libturbojpeg.so
%changelog
+* Thu Dec 19 2013 Petr Hracek <phracek at redhat.com> - 1.2.90-3
+- Apply fixes CVE-2013-6629, CVE-2013-6630 (#1031737)
+
* Tue Mar 26 2013 Adam Tkac <atkac redhat com> - 1.2.90-2
- rebuild for ARM64 support