From 9be741d3e68f6bcfe148140e5adc2b0151de481a Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Jul 01 2009 15:13:39 +0000 Subject: Fix for CVE-2009-2285 --- diff --git a/libtiff-3.8.2-lzw-bugs.patch b/libtiff-3.8.2-lzw-bugs.patch index 874e5e3..a0d46f2 100644 --- a/libtiff-3.8.2-lzw-bugs.patch +++ b/libtiff-3.8.2-lzw-bugs.patch @@ -1,4 +1,4 @@ -Fixes for CVE-2008-2327 +Fixes for CVE-2008-2327 and CVE-2009-2285 diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c @@ -27,7 +27,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c NextCode(tif, sp, bp, code, GetNextCode); if (code == CODE_EOI) break; -+ if (code == CODE_CLEAR) { ++ if (code >= CODE_CLEAR) { + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "LZWDecode: Corrupted LZW table at scanline %d", + tif->tif_row); @@ -47,7 +47,7 @@ diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c NextCode(tif, sp, bp, code, GetNextCodeCompat); if (code == CODE_EOI) break; -+ if (code == CODE_CLEAR) { ++ if (code >= CODE_CLEAR) { + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "LZWDecodeCompat: Corrupted LZW table at scanline %d", + tif->tif_row); diff --git a/libtiff.spec b/libtiff.spec index d8ef490..9bb25c8 100644 --- a/libtiff.spec +++ b/libtiff.spec @@ -1,10 +1,10 @@ Summary: Library of functions for manipulating TIFF format image files Name: libtiff Version: 3.8.2 -Release: 12%{?dist} +Release: 13%{?dist} License: libtiff Group: System Environment/Libraries -URL: http://www.libtiff.org/ +URL: http://www.remotesensing.org/libtiff/ Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz Patch0: tiffsplit-overflow.patch @@ -157,6 +157,11 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/*.a %changelog +* Wed Jul 1 2009 Tom Lane 3.8.2-13 +- Fix some more LZW decoding vulnerabilities (CVE-2009-2285) +Related: #507465 +- Update upstream URL + * Wed Feb 25 2009 Fedora Release Engineering - 3.8.2-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild