Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

Sun, 07 Oct 2012 02:30:14 -0700 

> To address CVE-2012-4777, I will be uploading 3.9.4-5+squeeze6 with the
> attached differences.

> diff -urN ../tiff-3.9.4-5+squeeze5/debian/changelog ./debian/changelog
> --- ../tiff-3.9.4-5+squeeze5/debian/changelog 2012-09-26 13:46:28.000000000 
> -0400
> +++ ./debian/changelog        2012-10-05 16:54:07.553605838 -0400
> @@ -1,3 +1,11 @@
> +tiff (3.9.4-5+squeeze6) stable-security; urgency=high
> +
> +  * Add fix for CVE-2012-4777, a buffer overrun.  (Closes: #688944)
> +  * CVE-2012-2088 was actually included in previous version but not listed
> +    in the change log.
> +
> + -- Jay Berkenbilt <q...@debian.org>  Fri, 05 Oct 2012 16:54:07 -0400
> +
>  tiff (3.9.4-5+squeeze5) stable-security; urgency=high
>  
>    * Added several additional security patches taken from the Ubuntu Natty
> diff -urN ../tiff-3.9.4-5+squeeze5/debian/patches/CVE-2012-4777.patch 
> ./debian/patches/CVE-2012-4777.patch
> --- ../tiff-3.9.4-5+squeeze5/debian/patches/CVE-2012-4777.patch       
> 1969-12-31 19:00:00.000000000 -0500
> +++ ./debian/patches/CVE-2012-4777.patch      2012-10-05 16:51:57.205609335 
> -0400
> @@ -0,0 +1,13 @@
> +Index: tiff-3.9.4/libtiff/tif_pixarlog.c
> +===================================================================
> +--- tiff-3.9.4.orig/libtiff/tif_pixarlog.c   2010-06-08 14:50:42.000000000 
> -0400
> ++++ tiff-3.9.4/libtiff/tif_pixarlog.c        2012-10-05 16:51:49.201609547 
> -0400
> +@@ -663,7 +663,7 @@
> +                                   td->td_rowsperstrip), sizeof(uint16));
> +     if (tbuf_size == 0)
> +             return (0);
> +-    sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
> ++    sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride);
> +     if (sp->tbuf == NULL)
> +             return (0);
> +     if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
> diff -urN ../tiff-3.9.4-5+squeeze5/debian/patches/series 
> ./debian/patches/series
> --- ../tiff-3.9.4-5+squeeze5/debian/patches/series    2012-07-16 
> 09:50:46.000000000 -0400
> +++ ./debian/patches/series   2012-10-05 16:51:20.493610319 -0400
> @@ -16,3 +16,4 @@
>  CVE-2012-2088.patch
>  CVE-2012-2113.patch
>  CVE-2012-3401.patch
> +CVE-2012-4777.patch

Looks good, please upload.

Cheers,
        Moritz


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to