Bug#693541: unblock: tiff/4.0.2-5

Sat, 17 Nov 2012 10:48:16 -0800 

Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package tiff 4.0.2-5, which includes a patch to address
CVE-2012-4564 and which closes RC bug #692345.


diff -Nru tiff-4.0.2/debian/changelog tiff-4.0.2/debian/changelog
--- tiff-4.0.2/debian/changelog	2012-10-05 17:39:16.000000000 -0400
+++ tiff-4.0.2/debian/changelog	2012-11-17 12:40:40.000000000 -0500
@@ -1,3 +1,10 @@
+tiff (4.0.2-5) unstable; urgency=high
+
+  * Add fix for CVE-2012-4564, a heap-buffer overflow.  Thanks Adrian La
+    Duca for doing all the work to prepare this upload.  (Closes: #692345)
+
+ -- Jay Berkenbilt <q...@debian.org>  Sat, 17 Nov 2012 12:40:25 -0500
+
 tiff (4.0.2-4) unstable; urgency=high
 
   * Previous change was uploaded with the wrong CVE number.  I updated the
diff -Nru tiff-4.0.2/debian/patches/CVE-2012-4564.patch tiff-4.0.2/debian/patches/CVE-2012-4564.patch
--- tiff-4.0.2/debian/patches/CVE-2012-4564.patch	1969-12-31 19:00:00.000000000 -0500
+++ tiff-4.0.2/debian/patches/CVE-2012-4564.patch	2012-11-17 12:39:17.000000000 -0500
@@ -0,0 +1,31 @@
+Index: tiff-4.0.2/tools/ppm2tiff.c
+===================================================================
+--- tiff-4.0.2.orig/tools/ppm2tiff.c	2010-04-10 15:22:34.000000000 -0400
++++ tiff-4.0.2/tools/ppm2tiff.c	2012-11-16 13:00:44.654825029 -0500
+@@ -89,6 +89,7 @@
+ 	int c;
+ 	extern int optind;
+ 	extern char* optarg;
++	tmsize_t scanline_size;
+ 
+ 	if (argc < 2) {
+ 	    fprintf(stderr, "%s: Too few arguments\n", argv[0]);
+@@ -237,8 +238,16 @@
+ 	}
+ 	if (TIFFScanlineSize(out) > linebytes)
+ 		buf = (unsigned char *)_TIFFmalloc(linebytes);
+-	else
+-		buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++	else {
++		scanline_size = TIFFScanlineSize(out);
++		if (scanline_size != 0)
++			buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++		else {
++			fprintf(stderr, "%s: scanline size overflow\n",infile);
++			(void) TIFFClose(out);
++			exit(-2);
++			}
++		}
+ 	if (resolution > 0) {
+ 		TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
+ 		TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
diff -Nru tiff-4.0.2/debian/patches/series tiff-4.0.2/debian/patches/series
--- tiff-4.0.2/debian/patches/series	2012-10-05 17:07:54.000000000 -0400
+++ tiff-4.0.2/debian/patches/series	2012-11-17 12:39:17.000000000 -0500
@@ -1,3 +1,4 @@
 opengl.patch
 CVE-2012-3401.patch
 CVE-2012-4447.patch
+CVE-2012-4564.patch

Reply via email to