Hi, this is my debdiff for CVE-2013-4243 in tiff.
I used the patch for wheezy as template. Thorsten
diff -Nru tiff-3.9.4/debian/changelog tiff-3.9.4/debian/changelog
--- tiff-3.9.4/debian/changelog 2013-08-24 17:23:06.000000000 +0200
+++ tiff-3.9.4/debian/changelog 2014-06-26 19:43:04.000000000 +0200
@@ -1,3 +1,11 @@
+tiff (3.9.4-5+squeeze11) squeeze-lts; urgency=high
+
+ * Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat.
+ DSA-2965-1
+ #742917
+
+ -- Thorsten Alteholz <deb...@alteholz.de> Thu, 26 Jun 2014 18:00:00 +0200
+
 tiff (3.9.4-5+squeeze10) oldstable-security; urgency=high
 
 * Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
diff -Nru tiff-3.9.4/debian/patches/CVE-2013-4243.patch tiff-3.9.4/debian/patches/CVE-2013-4243.patch
--- tiff-3.9.4/debian/patches/CVE-2013-4243.patch 1970-01-01 01:00:00.000000000 +0100
+++ tiff-3.9.4/debian/patches/CVE-2013-4243.patch 2014-06-26 19:43:40.000000000 +0200
@@ -0,0 +1,37 @@
+Index: tiff/tools/gif2tiff.c
+===================================================================
+--- tiff.orig/tools/gif2tiff.c
++++ tiff/tools/gif2tiff.c
+@@ -280,6 +280,10 @@ readgifimage(char* mode)
+ fprintf(stderr, "no colormap present for image\n");
+ return (0);
+ }
++ if (width == 0 || height == 0) {
++ fprintf(stderr, "Invalid value of width or height\n");
++ return(0);
++ }
+ if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
+ fprintf(stderr, "not enough memory for image\n");
+ return (0);
+@@ -404,6 +408,10 @@ process(register int code, unsigned char
+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+ return 0;
+ }
++ if (*fill >= raster + width*height) {
++ fprintf(stderr, "raster full before eoi code\n");
++ return 0;
++ }
+ *(*fill)++ = suffix[code];
+ firstchar = oldcode = code;
+ return 1;
+@@ -434,6 +442,10 @@ process(register int code, unsigned char
+ }
+ oldcode = incode;
+ do {
++ if (*fill >= raster + width*height) {
++ fprintf(stderr, "raster full before eoi code\n");
++ return 0;
++ }
+ *(*fill)++ = *--stackp;
+ } while (stackp > stack);
+ return 1;
diff -Nru tiff-3.9.4/debian/patches/series tiff-3.9.4/debian/patches/series
--- tiff-3.9.4/debian/patches/series 2013-08-24 17:22:20.000000000 +0200
+++ tiff-3.9.4/debian/patches/series 2014-06-26 19:44:07.000000000 +0200
@@ -24,3 +24,4 @@
 CVE-2013-4231.patch
 CVE-2013-4232.patch
 CVE-2013-4244.patch
+CVE-2013-4243.patch
-- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/alpine.deb.2.02.1406261955210.5...@jupiter.server.alteholz.net
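Review bot: The limit `raster + width*height` is recomputed inline at both write sites in process() (the single-code path and the stack-unwind `do` loop), while the allocation in readgifimage() uses `width*height+EXTRAFUDGE`, so three copies of the size expression have to stay in agreement by hand. I would record the end pointer once, right after the allocation succeeds, e.g. `raster_end = raster + width*height;`, and test `*fill >= raster_end` in both guards. The new zero check only rejects empty dimensions; the declarations of width and height are outside these hunks, so whether `width*height` can wrap before it reaches `_TIFFmalloc` should be confirmed against their types. Both functions continue outside the hunks shown, including whatever caller has to honour the new `return 0` from process().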