diff options
| author | Mark H Weaver <mhw@netris.org> | 2015-06-16 00:59:15 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2015-06-16 01:02:01 -0400 |
| commit | 8e28d22c914122aa7bfb70847370d8ae0f070688 (patch) | |
| tree | 14ffa1b7954a3f67c4057bc03ab35c993e98120f /gnu/packages/patches/libtiff-CVE-2013-4244.patch | |
| parent | 7d02724b7bddb4d5e1cc93db99f737baa26840ca (diff) | |
gnu: libtiff: Add fixes for several CVEs.
* gnu/packages/patches/libtiff-CVE-2012-4564.patch,
gnu/packages/patches/libtiff-CVE-2013-1960.patch,
gnu/packages/patches/libtiff-CVE-2013-1961.patch,
gnu/packages/patches/libtiff-CVE-2013-4231.patch,
gnu/packages/patches/libtiff-CVE-2013-4232.patch,
gnu/packages/patches/libtiff-CVE-2013-4243.patch,
gnu/packages/patches/libtiff-CVE-2013-4244.patch,
gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch,
gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch,
gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch,
gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch,
gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch,
gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch,
gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch,
gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch,
gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch,
gnu/packages/patches/libtiff-CVE-2014-8129.patch,
gnu/packages/patches/libtiff-CVE-2014-9330.patch,
gnu/packages/patches/libtiff-CVE-2014-9655.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/image.scm (libtiff)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2013-4244.patch')
| -rw-r--r-- | gnu/packages/patches/libtiff-CVE-2013-4244.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2013-4244.patch b/gnu/packages/patches/libtiff-CVE-2013-4244.patch new file mode 100644 index 0000000000..be9c65c311 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2013-4244.patch @@ -0,0 +1,20 @@ +Copied from Debian + +Description: OOB write in gif2tiff +Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468 + +Index: tiff-4.0.3/tools/gif2tiff.c +=================================================================== +--- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400 ++++ tiff-4.0.3/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400 +@@ -400,6 +400,10 @@ + } + + if (oldcode == -1) { ++ if (code >= clear) { ++ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); ++ return 0; ++ } + *(*fill)++ = suffix[code]; + firstchar = oldcode = code; + return 1; |