← Back to branch summary

~ubuntu-branches/ubuntu/hardy/libexif/hardy

~ubuntu-branches/ubuntu/hardy/libexif/hardy

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2007-6352.dpatch

Committer: Bazaar Package Importer
Author(s): Nico Golde
Date: 2007-12-21 17:13:58 UTC
mfrom: (5.1.5 hardy)
Revision ID: james.westby@ubuntu.com-20071221171358-zbjzk21kmnizelhk

Tags: 0.6.16-2.1

http://bugs.debian.org/457330

http://bugs.debian.org/457330

* Non-maintainer upload by security team.
* This update addresses the following security issues:
  - possible denial of service attack via crafted
    image file leading to an infinite recursion in the
    exif-loader.c (CVE-2007-6351; Closes: #457330).
  - integer overflow in exif-data.c triggered by a crafted
    image file could lead to arbitrary code execution
    (CVE-2007-6352; Closes: #457330).

files added:
ChangeLog.cvs

auto-m4

auto-m4/gettext.m4

auto-m4/iconv.m4

auto-m4/lib-ld.m4

auto-m4/lib-link.m4

auto-m4/lib-prefix.m4

auto-m4/nls.m4

auto-m4/po.m4

auto-m4/progtest.m4

debian/patches

debian/patches/00list

debian/patches/10_pkg_config_header_dir.dpatch

debian/patches/20_extra_colorspace_check.dpatch

debian/patches/30_olympus_makernote.dpatch

debian/patches/40_crash_looking_up_invalid_values.dpatch

debian/patches/50_relibtoolize.dpatch

debian/patches/CVE-2007-6351.dpatch

debian/patches/CVE-2007-6352.dpatch

libexif-uninstalled.pc.in

libexif.pc.in

po/cs.gmo

po/cs.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/vi.gmo

po/vi.po

test/test-integers.c

files removed:
config.log

libexif/libexif.pc.in

m4m/gettext.m4

m4m/iconv.m4

m4m/lib-ld.m4

m4m/lib-link.m4

m4m/lib-prefix.m4

m4m/nls.m4

m4m/po.m4

m4m/progtest.m4

files modified:
ChangeLog

INSTALL

Makefile.am

Makefile.in

NEWS

README

aclocal.m4

binary/Makefile.in

config.guess

config.sub

configure

configure.ac

debian/changelog

debian/compat

debian/control

debian/libexif12.docs

debian/rules

depcomp

doc/Doxyfile-internals.in

doc/Doxyfile.in

doc/Makefile.am

doc/Makefile.in

doc/libexif-api.html.tar.gz

install-sh

libexif.spec

libexif/Makefile.am

libexif/Makefile.in

libexif/canon/Makefile.in

libexif/canon/exif-mnote-data-canon.c

libexif/canon/exif-mnote-data-canon.h

libexif/canon/mnote-canon-entry.c

libexif/canon/mnote-canon-tag.c

libexif/canon/mnote-canon-tag.h

libexif/exif-content.c

libexif/exif-data.c

libexif/exif-data.h

libexif/exif-entry.c

libexif/exif-entry.h

libexif/exif-loader.c

libexif/exif-loader.h

libexif/exif-mem.c

libexif/exif-mem.h

libexif/exif-tag.c

libexif/exif-tag.h

libexif/exif-utils.c

libexif/exif-utils.h

libexif/i18n.h

libexif/olympus/Makefile.in

libexif/olympus/exif-mnote-data-olympus.c

libexif/olympus/exif-mnote-data-olympus.h

libexif/olympus/mnote-olympus-entry.c

libexif/olympus/mnote-olympus-tag.c

libexif/olympus/mnote-olympus-tag.h

libexif/pentax/Makefile.in

libexif/pentax/exif-mnote-data-pentax.c

libexif/pentax/exif-mnote-data-pentax.h

libexif/pentax/mnote-pentax-entry.c

libexif/pentax/mnote-pentax-tag.c

libexif/pentax/mnote-pentax-tag.h

ltmain.sh

m4m/Makefile.in

m4m/gp-documentation.m4

missing

po/Makevars

po/de.gmo

po/de.po

po/es.gmo

po/es.po

po/fr.gmo

po/fr.po

po/libexif-12.pot

po/pl.gmo

po/pl.po

test/Makefile.am

test/Makefile.in

test/nls/Makefile.am

test/nls/Makefile.in

test/nls/print-localedir.c

test/nls/test-nls.c

Show diffs side-by-side

added added

removed removed

debian/patches/CVE-2007-6352.dpatch

1

#! /bin/sh /usr/share/dpatch/dpatch-run

2

## CVE-2007-6352.dpatch by Nico Golde <nion@debian.org>

3

##

4

## All lines beginning with `## DP:' are a description of the patch.

5

## DP: No description.

6

7

@DPATCH@

8

diff -urNad libexif-0.6.16~/libexif/exif-data.c libexif-0.6.16/libexif/exif-data.c

9

--- libexif-0.6.16~/libexif/exif-data.c 2007-06-12 15:01:54.000000000 +0200

10

+++ libexif-0.6.16/libexif/exif-data.c 2007-12-21 17:13:15.000000000 +0100

11

@@ -288,10 +288,9 @@

12

exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,

13

unsigned int ds, ExifLong offset, ExifLong size)

14

{

15

- if (ds < offset + size) {

16

+ if (ds < offset + size || (offset < 0) || (size < 0) || (offset + size < offset)) {

17

exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",

18

- "Bogus thumbnail offset and size: %i < %i + %i.",

19

- (int) ds, (int) offset, (int) size);

20

+ "Bogus thumbnail offset and size");

21

return;

22

}

23

if (data->data)

Older »