rpms/libtiff/devel libtiff-3.8.2-CVE-2006-2193.patch, NONE, 1.1 libtiff-3.8.2-mantypo.patch, NONE, 1.1 libtiff.spec, 1.46, 1.47

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Sep 5 12:04:41 UTC 2006


Author: jnovy

Update of /cvs/dist/rpms/libtiff/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv30873

Modified Files:
	libtiff.spec 
Added Files:
	libtiff-3.8.2-CVE-2006-2193.patch libtiff-3.8.2-mantypo.patch 
Log Message:
- fix CVE-2006-2193, tiff2pdf buffer overflow (#194362)
- fix typo in man page for tiffset (#186297)
- use %%{?dist}


libtiff-3.8.2-CVE-2006-2193.patch:
 tiff2pdf.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE libtiff-3.8.2-CVE-2006-2193.patch ---
--- tiff-3.8.2/tools/tiff2pdf.c.CVE-2006-2193	2006-03-21 17:42:51.000000000 +0100
+++ tiff-3.8.2/tools/tiff2pdf.c	2006-09-05 10:47:51.000000000 +0200
@@ -3668,7 +3668,7 @@
 	written += TIFFWriteFile(output, (tdata_t) "(", 1);
 	for (i=0;i<len;i++){
 		if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
-			sprintf(buffer, "\\%.3o", pdfstr[i]);
+			snprintf(buffer, sizeof(buffer), "\\%.3o", (unsigned char) pdfstr[i]);
 			written += TIFFWriteFile(output, (tdata_t) buffer, 4);
 		} else {
 			switch (pdfstr[i]){
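Review bot: The `(unsigned char)` cast on the added `snprintf` line is what keeps the escape at four characters, but nothing in the code says so. Where plain `char` is signed, a byte with the high bit set is promoted to a negative int and `%.3o` prints it as eleven octal digits. `snprintf` on its own would only truncate that output, and the fixed-length `TIFFWriteFile(output, (tdata_t) buffer, 4)` on the next line would then emit the wrong escape for the byte. I would add a comment above the call, for example `/* cast: plain char may be signed; keeps the escape at exactly 4 bytes */`, and check that `snprintf` returns 4 before writing. `sizeof(buffer)` is only a real bound if `buffer` is an array in this function; its declaration and the rest of the loop are outside the hunk.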

libtiff-3.8.2-mantypo.patch:
 tiffset.1 |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE libtiff-3.8.2-mantypo.patch ---
--- tiff-3.8.2/man/tiffset.1.mantypo	2005-12-02 17:01:33.000000000 +0100
+++ tiff-3.8.2/man/tiffset.1	2006-09-05 10:10:02.000000000 +0200
@@ -60,7 +60,7 @@
 "Anonymous":
 .RS
 .nf
-tiffset -s 305 Anonymous a.tif
+tiffset -s 315 Anonymous a.tif
 .fi
 .RE
 .PP


Index: libtiff.spec
===================================================================
RCS file: /cvs/dist/rpms/libtiff/devel/libtiff.spec,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- libtiff.spec	1 Aug 2006 20:27:58 -0000	1.46
+++ libtiff.spec	5 Sep 2006 12:04:37 -0000	1.47
@@ -1,12 +1,14 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 3.8.2
-Release: 5
+Release: 6%{?dist}
 License: distributable
 Group: System Environment/Libraries
 Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
 Patch0: tiffsplit-overflow.patch
 Patch1: libtiff-3.8.2-ormandy.patch
+Patch2: libtiff-3.8.2-CVE-2006-2193.patch
+Patch3: libtiff-3.8.2-mantypo.patch
 URL: http://www.libtiff.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel libjpeg-devel
@@ -39,6 +41,8 @@
 %setup -q -n tiff-%{version}
 %patch0 -p1 -b .overflow
 %patch1 -p1 -b .ormandy
+%patch2 -p1 -b .CVE-2006-2193
+%patch3 -p1 -b .mantypo
 
 %build
 %configure
@@ -111,6 +115,11 @@
 %{_mandir}/man3/*
 
 %changelog
+* Tue Sep  5 2006 Jindrich Novy <jnovy at redhat.com> - 3.8.2-6
+- fix CVE-2006-2193, tiff2pdf buffer overflow (#194362)
+- fix typo in man page for tiffset (#186297)
+- use %%{?dist}
+
 * Mon Jul 24 2006 Matthias Clasen <mclasen at redhat.com>
 - Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461
   CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)



