rpms/libtiff/devel libtiff-3.8.2-lzw-bugs.patch, 1.1, 1.2 libtiff.spec, 1.53, 1.54
Tom Lane
tgl at fedoraproject.org
Wed Jul 1 14:53:40 UTC 2009
Author: tgl
Update of /cvs/pkgs/rpms/libtiff/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21325
Modified Files:
libtiff-3.8.2-lzw-bugs.patch libtiff.spec
Log Message:
Fix for CVE-2009-2285
libtiff-3.8.2-lzw-bugs.patch:
Index: libtiff-3.8.2-lzw-bugs.patch
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/libtiff-3.8.2-lzw-bugs.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- libtiff-3.8.2-lzw-bugs.patch 26 Aug 2008 15:52:30 -0000 1.1
+++ libtiff-3.8.2-lzw-bugs.patch 1 Jul 2009 14:53:40 -0000 1.2
@@ -1,4 +1,4 @@
-Fixes for CVE-2008-2327
+Fixes for CVE-2008-2327 and CVE-2009-2285
diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
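Review bot: The description line at the top of the patch file now names two CVEs but does not say which of the hunks below belongs to which. Since this revision only changes the two `== CODE_CLEAR` comparisons to `>=`, a second header line stating that CVE-2009-2285 is covered by that comparison would let a later reader separate the two fixes without going back to the CVS history.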
@@ -27,7 +27,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_l
NextCode(tif, sp, bp, code, GetNextCode);
if (code == CODE_EOI)
break;
-+ if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
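Review bot: The widened test `if (code >= CODE_CLEAR)` in LZWDecode is only correct because the `if (code == CODE_EOI) break;` just above it runs first, and nothing at this spot says so. With `==` the order of the two checks did not matter; with `>=` any reordering could turn a normal end-of-information code into a "Corrupted LZW table" error. A one-line comment above the new test, saying that only codes below CODE_CLEAR are accepted here and that CODE_EOI has already been handled, would document the dependency.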
@@ -47,7 +47,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_l
NextCode(tif, sp, bp, code, GetNextCodeCompat);
if (code == CODE_EOI)
break;
-+ if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecodeCompat: Corrupted LZW table at scanline %d",
+ tif->tif_row);
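Review bot: The LZWDecodeCompat check at `if (code >= CODE_CLEAR)` is a hand-maintained copy of the LZWDecode one, differing only in the function name in the message, and this revision had to change both in step. Nothing in the patch or the spec adds a regression input for either decoder, so a future rebase that updates one copy and misses the other would go unnoticed. Consider adding a malformed-stream test file for each decoder path to the package's test run.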
Index: libtiff.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/libtiff.spec,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -p -r1.53 -r1.54
--- libtiff.spec 25 Feb 2009 19:24:10 -0000 1.53
+++ libtiff.spec 1 Jul 2009 14:53:40 -0000 1.54
@@ -1,10 +1,10 @@
Summary: Library of functions for manipulating TIFF format image files
Name: libtiff
Version: 3.8.2
-Release: 12%{?dist}
+Release: 13%{?dist}
License: libtiff
Group: System Environment/Libraries
-URL: http://www.libtiff.org/
+URL: http://www.remotesensing.org/libtiff/
Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
Patch0: tiffsplit-overflow.patch
@@ -157,6 +157,11 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/*.a
%changelog
+* Wed Jul 1 2009 Tom Lane <tgl at redhat.com> 3.8.2-13
+- Fix some more LZW decoding vulnerabilities (CVE-2009-2285)
+Related: #507465
+- Update upstream URL
+
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.8.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
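Review bot: The `Related: #507465` line in the new changelog entry has no leading `- ` and sits between two bulleted items, so it reads as a stray line instead of belonging to the CVE-2009-2285 item. Either indent it as a continuation of that item or fold the bug number into the bullet, for example `- Fix some more LZW decoding vulnerabilities (CVE-2009-2285, #507465)`. The URL update is unrelated to the security fix but is at least recorded as its own bullet.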