tiff for LTS
Hi,
this is my debdiff for CVE-2013-4243 in tiff.
I used the wheezy patch as a template.
Thorsten
diff -Nru tiff-3.9.4/debian/changelog tiff-3.9.4/debian/changelog
--- tiff-3.9.4/debian/changelog 2013-08-24 17:23:06.000000000 +0200
+++ tiff-3.9.4/debian/changelog 2014-06-26 19:43:04.000000000 +0200
@@ -1,3 +1,11 @@
+tiff (3.9.4-5+squeeze11) squeeze-lts; urgency=high
+
+ * Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat.
+ DSA-2965-1
+ #742917
+
+ -- Thorsten Alteholz <debian@alteholz.de> Thu, 26 Jun 2014 18:00:00 +0200
+
tiff (3.9.4-5+squeeze10) oldstable-security; urgency=high
* Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
diff -Nru tiff-3.9.4/debian/patches/CVE-2013-4243.patch tiff-3.9.4/debian/patches/CVE-2013-4243.patch
--- tiff-3.9.4/debian/patches/CVE-2013-4243.patch 1970-01-01 01:00:00.000000000 +0100
+++ tiff-3.9.4/debian/patches/CVE-2013-4243.patch 2014-06-26 19:43:40.000000000 +0200
@@ -0,0 +1,37 @@
+Index: tiff/tools/gif2tiff.c
+===================================================================
+--- tiff.orig/tools/gif2tiff.c
++++ tiff/tools/gif2tiff.c
+@@ -280,6 +280,10 @@ readgifimage(char* mode)
+ fprintf(stderr, "no colormap present for image\n");
+ return (0);
+ }
++ if (width == 0 || height == 0) {
++ fprintf(stderr, "Invalid value of width or height\n");
++ return(0);
++ }
+ if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
+ fprintf(stderr, "not enough memory for image\n");
+ return (0);
+@@ -404,6 +408,10 @@ process(register int code, unsigned char
+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+ return 0;
+ }
++ if (*fill >= raster + width*height) {
++ fprintf(stderr, "raster full before eoi code\n");
++ return 0;
++ }
+ *(*fill)++ = suffix[code];
+ firstchar = oldcode = code;
+ return 1;
+@@ -434,6 +442,10 @@ process(register int code, unsigned char
+ }
+ oldcode = incode;
+ do {
++ if (*fill >= raster + width*height) {
++ fprintf(stderr, "raster full before eoi code\n");
++ return 0;
++ }
+ *(*fill)++ = *--stackp;
+ } while (stackp > stack);
+ return 1;
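Review bot: The new guard at the top of the readgifimage hunk rejects only zero dimensions, so `width*height` in the `_TIFFmalloc` call on the next line can still overflow before the allocation size is computed. The declarations of width and height are not in the hunk, but if they are the 16-bit values read from the GIF header, 65535*65535 exceeds INT_MAX and the product (evaluated in int) is undefined, which would let the buffer be allocated smaller than the raster the decoder later fills; the same product is what the two `raster + width*height` checks in process() compare against, so they are only as good as that multiplication. A guard such as `if (width == 0 || height == 0 || width > INT_MAX / height) {` (INT_MAX needs <limits.h> if gif2tiff.c does not already include it) would reject the overflowing case before the allocation. Both readgifimage and process begin and end outside this hunk, so I cannot see whether other writes through fill exist beyond the two that are now bounded.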
diff -Nru tiff-3.9.4/debian/patches/series tiff-3.9.4/debian/patches/series
--- tiff-3.9.4/debian/patches/series 2013-08-24 17:22:20.000000000 +0200
+++ tiff-3.9.4/debian/patches/series 2014-06-26 19:44:07.000000000 +0200
@@ -24,3 +24,4 @@
CVE-2013-4231.patch
CVE-2013-4232.patch
CVE-2013-4244.patch
+CVE-2013-4243.patch