Jay Berkenbilt <q...@debian.org> wrote:

> Jay Berkenbilt <q...@debian.org> wrote:
>
>> Lee Garrett <lgarr...@programmfabrik.de> wrote:
>>
>>> Hi Jay,
>>>
>>> thanks for going through the effort of checking up on all CVEs and
>>> packaging it up.
>>>
>>> CVE-2012-2088 still affects 3.9.4-5+squeeze5 though. The only other
>>> vulnerability left is tracked in #688944, which was opened just today.

To address CVE-2012-4777, I will be uploading 3.9.4-5+squeeze6 with the
attached differences.
diff -urN ../tiff-3.9.4-5+squeeze5/debian/changelog ./debian/changelog
--- ../tiff-3.9.4-5+squeeze5/debian/changelog	2012-09-26 13:46:28.000000000 -0400
+++ ./debian/changelog	2012-10-05 16:54:07.553605838 -0400
@@ -1,3 +1,11 @@
+tiff (3.9.4-5+squeeze6) stable-security; urgency=high
+
+  * Add fix for CVE-2012-4777, a buffer overrun.  (Closes: #688944)
+  * CVE-2012-2088 was actually included in previous version but not listed
+    in the change log.
+
+ -- Jay Berkenbilt <q...@debian.org>  Fri, 05 Oct 2012 16:54:07 -0400
+
 tiff (3.9.4-5+squeeze5) stable-security; urgency=high
 
   * Added several additional security patches taken from the Ubuntu Natty
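Review bot: The new CVE-2012-4777 changelog line says only "a buffer overrun" and does not name the code it touches. The patch added in this upload changes libtiff/tif_pixarlog.c, so naming that file in the entry would let someone reading the changelog alone judge whether their use of the library is exposed. The CVE-2012-2088 line could also name the patch file that carried the fix (debian/patches/series already lists CVE-2012-2088.patch), so the retroactive claim can be checked against the previous upload.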
diff -urN ../tiff-3.9.4-5+squeeze5/debian/patches/CVE-2012-4777.patch ./debian/patches/CVE-2012-4777.patch
--- ../tiff-3.9.4-5+squeeze5/debian/patches/CVE-2012-4777.patch	1969-12-31 19:00:00.000000000 -0500
+++ ./debian/patches/CVE-2012-4777.patch	2012-10-05 16:51:57.205609335 -0400
@@ -0,0 +1,13 @@
+Index: tiff-3.9.4/libtiff/tif_pixarlog.c
+===================================================================
+--- tiff-3.9.4.orig/libtiff/tif_pixarlog.c	2010-06-08 14:50:42.000000000 -0400
++++ tiff-3.9.4/libtiff/tif_pixarlog.c	2012-10-05 16:51:49.201609547 -0400
+@@ -663,7 +663,7 @@
+ 				      td->td_rowsperstrip), sizeof(uint16));
+ 	if (tbuf_size == 0)
+ 		return (0);
+-	sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
++	sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride);
+ 	if (sp->tbuf == NULL)
+ 		return (0);
+ 	if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
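Review bot: The enlarged size passed to _TIFFmalloc, tbuf_size+sizeof(uint16)*sp->stride, is computed without a wrap-around check, while the lines just above it treat tbuf_size == 0 as a failure and return 0. If the sum wraps, the allocation ends up smaller than intended and the overrun this patch is meant to close can recur. Suggest computing the sum into a variable first, returning 0 if it is smaller than tbuf_size, and only then allocating. A one-line comment on why one extra stride of uint16 values is needed would also help, since the patch file has no description header.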
diff -urN ../tiff-3.9.4-5+squeeze5/debian/patches/series ./debian/patches/series
--- ../tiff-3.9.4-5+squeeze5/debian/patches/series	2012-07-16 09:50:46.000000000 -0400
+++ ./debian/patches/series	2012-10-05 16:51:20.493610319 -0400
@@ -16,3 +16,4 @@
 CVE-2012-2088.patch
 CVE-2012-2113.patch
 CVE-2012-3401.patch
+CVE-2012-4777.patch
-- 
Jay Berkenbilt <q...@debian.org>
