Bug#693541: unblock: tiff/4.0.2-5
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal
Please unblock package tiff 4.0.2-5, which includes a patch to address
CVE-2012-4564 and which closes RC bug #692345.
diff -Nru tiff-4.0.2/debian/changelog tiff-4.0.2/debian/changelog
--- tiff-4.0.2/debian/changelog 2012-10-05 17:39:16.000000000 -0400
+++ tiff-4.0.2/debian/changelog 2012-11-17 12:40:40.000000000 -0500
@@ -1,3 +1,10 @@
+tiff (4.0.2-5) unstable; urgency=high
+
+ * Add fix for CVE-2012-4564, a heap-buffer overflow. Thanks Adrian La
+ Duca for doing all the work to prepare this upload. (Closes: #692345)
+
+ -- Jay Berkenbilt <qjb@debian.org> Sat, 17 Nov 2012 12:40:25 -0500
+
tiff (4.0.2-4) unstable; urgency=high
* Previous change was uploaded with the wrong CVE number. I updated the
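Review bot: The new changelog entry for 4.0.2-5 describes CVE-2012-4564 only as "a heap-buffer overflow" and does not say which component is affected. The accompanying patch touches only tools/ppm2tiff.c, so naming ppm2tiff in the entry would tell readers of the changelog that the fix is in the conversion tool and let them judge exposure without opening the patch.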
diff -Nru tiff-4.0.2/debian/patches/CVE-2012-4564.patch tiff-4.0.2/debian/patches/CVE-2012-4564.patch
--- tiff-4.0.2/debian/patches/CVE-2012-4564.patch 1969-12-31 19:00:00.000000000 -0500
+++ tiff-4.0.2/debian/patches/CVE-2012-4564.patch 2012-11-17 12:39:17.000000000 -0500
@@ -0,0 +1,31 @@
+Index: tiff-4.0.2/tools/ppm2tiff.c
+===================================================================
+--- tiff-4.0.2.orig/tools/ppm2tiff.c 2010-04-10 15:22:34.000000000 -0400
++++ tiff-4.0.2/tools/ppm2tiff.c 2012-11-16 13:00:44.654825029 -0500
+@@ -89,6 +89,7 @@
+ int c;
+ extern int optind;
+ extern char* optarg;
++ tmsize_t scanline_size;
+
+ if (argc < 2) {
+ fprintf(stderr, "%s: Too few arguments\n", argv[0]);
+@@ -237,8 +238,16 @@
+ }
+ if (TIFFScanlineSize(out) > linebytes)
+ buf = (unsigned char *)_TIFFmalloc(linebytes);
+- else
+- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++ else {
++ scanline_size = TIFFScanlineSize(out);
++ if (scanline_size != 0)
++ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++ else {
++ fprintf(stderr, "%s: scanline size overflow\n",infile);
++ (void) TIFFClose(out);
++ exit(-2);
++ }
++ }
+ if (resolution > 0) {
+ TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
+ TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
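Review bot: In the second ppm2tiff.c hunk (@@ -237,8 +238,16 @@), the new else branch stores TIFFScanlineSize(out) in scanline_size and tests it against 0, but the allocation on the following line calls TIFFScanlineSize(out) again instead of using the checked value; passing scanline_size to _TIFFmalloc would make the validated size and the allocated size the same variable. The first branch, `buf = (unsigned char *)_TIFFmalloc(linebytes);`, is left as it was, so this hunk adds no check of its own on linebytes, and neither _TIFFmalloc result is tested for NULL in the lines shown; it is worth confirming both are handled elsewhere in the file. Smaller points: `exit(-2)` reaches the shell as status 254, the fprintf call lacks a space after the comma before infile, and the patch file starts directly at `Index:` with no description, origin or bug reference header.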
diff -Nru tiff-4.0.2/debian/patches/series tiff-4.0.2/debian/patches/series
--- tiff-4.0.2/debian/patches/series 2012-10-05 17:07:54.000000000 -0400
+++ tiff-4.0.2/debian/patches/series 2012-11-17 12:39:17.000000000 -0500
@@ -1,3 +1,4 @@
opengl.patch
CVE-2012-3401.patch
CVE-2012-4447.patch
+CVE-2012-4564.patch