rpms/libexif/F-7 cve-2007-6351.patch, NONE, 1.1 cve-2007-6352.patch, NONE, 1.1 libexif.spec, 1.33, 1.34

Matthias Clasen (mclasen) fedora-extras-commits at redhat.com
Sun Dec 16 03:47:35 UTC 2007 

Author: mclasen

Update of /cvs/extras/rpms/libexif/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4379

Modified Files:
	libexif.spec 
Added Files:
	cve-2007-6351.patch cve-2007-6352.patch 
Log Message:
fix CVE-2007-6351 and CVE-2007-6352


cve-2007-6351.patch:

--- NEW FILE cve-2007-6351.patch ---
diff -up libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 libexif-0.6.13/libexif/exif-loader.c
--- libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351	2007-12-15 22:16:06.000000000 -0500
+++ libexif-0.6.13/libexif/exif-loader.c	2007-12-15 22:16:42.000000000 -0500
@@ -173,6 +173,9 @@ exif_loader_write (ExifLoader *eld, unsi
 		break;
 	}
 
+	if (!len)
+		return 1;
+
 	exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
 		  "Scanning %i byte(s) of data...", len);
 

cve-2007-6352.patch:

--- NEW FILE cve-2007-6352.patch ---
diff -up libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 libexif-0.6.13/libexif/exif-data.c
--- libexif-0.6.13/libexif/exif-data.c.cve-2007-6352	2007-12-15 22:06:15.000000000 -0500
+++ libexif-0.6.13/libexif/exif-data.c	2007-12-15 22:07:27.000000000 -0500
@@ -285,10 +285,9 @@ static void
 exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
 			       unsigned int ds, ExifLong offset, ExifLong size)
 {
-	if (ds < offset + size) {
+	if ((ds < offset + size) || (offset < 0) || (size < 0) || (offset + size < offset)) {
 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
-			  "Bogus thumbnail offset and size: %i < %i + %i.",
-			  (int) ds, (int) offset, (int) size);
+			  "Bogus thumbnail offset and size");
 		return;
 	}
 	if (data->data) 


Index: libexif.spec
===================================================================
RCS file: /cvs/extras/rpms/libexif/F-7/libexif.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- libexif.spec	13 Jun 2007 16:02:38 -0000	1.33
+++ libexif.spec	16 Dec 2007 03:46:55 -0000	1.34
@@ -1,13 +1,15 @@
 Summary: Library for extracting extra information from image files
 Name: libexif
 Version: 0.6.15
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: System Environment/Libraries
 License: LGPL
 URL: http://libexif.sourceforge.net/
 Source0: libexif-%{version}.tar.bz2 
 Source1: libexif-docs.tar.gz
 Patch0: libexif-cve-2007-4168.patch
+Patch1: cve-2007-6351.patch
+Patch2: cve-2007-6352.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 
 BuildRequires: doxygen
 
@@ -29,6 +31,9 @@
 %prep
 %setup -q
 %patch0 -p1 -b .cve-2007-4168
+%patch1 -p1 -b .cve-2007-6351
+%patch2 -p1 -b .cve-2007-6352
+
 # to avoid multilib conflicts, we toss in pre-generated docs
 # and neuter make all in the docs dir
 tar xzf %{SOURCE1}
@@ -67,6 +72,10 @@
 %{_libdir}/pkgconfig/libexif.pc
 
 %changelog
+* Sat Dec 15 2007 Matthias Clasen <mclasen at redhat.com> - 0.6.15-3
+- Add patch for CVE-2007-6351. Fixes bug #425621
+- Add patch for CVE-2007-6352. Fixes bug #425621
+
 * Wed Jun 13 2007 Matthias Clasen <mclasen at redhat.com> - 0.6.15-2
 - Add patch for CVE-2007-4168. Fix bug #243892

More information about the fedora-extras-commits mailing list