
tiff for LTS



Hi,

this is my debdiff for CVE-2013-4243 in tiff.

I used the patch for wheezy as a template.

  Thorsten



diff -Nru tiff-3.9.4/debian/changelog tiff-3.9.4/debian/changelog
--- tiff-3.9.4/debian/changelog	2013-08-24 17:23:06.000000000 +0200
+++ tiff-3.9.4/debian/changelog	2014-06-26 19:43:04.000000000 +0200
@@ -1,3 +1,11 @@
+tiff (3.9.4-5+squeeze11) squeeze-lts; urgency=high
+
+  * Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat.
+    DSA-2965-1
+    #742917
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Thu, 26 Jun 2014 18:00:00 +0200
+
 tiff (3.9.4-5+squeeze10) oldstable-security; urgency=high

   * Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
diff -Nru tiff-3.9.4/debian/patches/CVE-2013-4243.patch tiff-3.9.4/debian/patches/CVE-2013-4243.patch
--- tiff-3.9.4/debian/patches/CVE-2013-4243.patch	1970-01-01 01:00:00.000000000 +0100
+++ tiff-3.9.4/debian/patches/CVE-2013-4243.patch	2014-06-26 19:43:40.000000000 +0200
@@ -0,0 +1,37 @@
+Index: tiff/tools/gif2tiff.c
+===================================================================
+--- tiff.orig/tools/gif2tiff.c
++++ tiff/tools/gif2tiff.c
+@@ -280,6 +280,10 @@ readgifimage(char* mode)
+         fprintf(stderr, "no colormap present for image\n");
+         return (0);
+     }
++    if (width == 0 || height == 0) {
++        fprintf(stderr, "Invalid value of width or height\n");
++        return(0);
++    }
+     if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
+         fprintf(stderr, "not enough memory for image\n");
+         return (0);
+@@ -404,6 +408,10 @@ process(register int code, unsigned char
+             fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+             return 0;
+         }
++        if (*fill >= raster + width*height) {
++            fprintf(stderr, "raster full before eoi code\n");
++            return 0;
++        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;
+@@ -434,6 +442,10 @@ process(register int code, unsigned char
+     }
+     oldcode = incode;
+     do {
++        if (*fill >= raster + width*height) {
++            fprintf(stderr, "raster full before eoi code\n");
++            return 0;
++        }
+ 	*(*fill)++ = *--stackp;
+     } while (stackp > stack);
+     return 1;
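Review bot: The two added guards in process() compare `*fill` against `raster + width*height`, and readgifimage() sizes the buffer with `width*height+EXTRAFUDGE`, so all three depend on that product not wrapping, while the new dimension check rejects only zero. The declarations of `width` and `height` are outside the hunks, so it is worth confirming that their type can hold the product of two 16-bit GIF dimensions plus EXTRAFUDGE. That could be recorded above the zero check with a comment such as `/* width and height come from the image descriptor; their product must fit the type used to size raster */`. The guard is also repeated verbatim in both write paths of process(), so a precomputed end pointer or a small static helper would keep the two copies from drifting apart. Both readgifimage() and process() begin and end outside the quoted hunks.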
diff -Nru tiff-3.9.4/debian/patches/series tiff-3.9.4/debian/patches/series
--- tiff-3.9.4/debian/patches/series	2013-08-24 17:22:20.000000000 +0200
+++ tiff-3.9.4/debian/patches/series	2014-06-26 19:44:07.000000000 +0200
@@ -24,3 +24,4 @@
 CVE-2013-4231.patch
 CVE-2013-4232.patch
 CVE-2013-4244.patch
+CVE-2013-4243.patch

