← Back to branch summary

~ubuntu-branches/ubuntu/precise/tiff/precise-security

~ubuntu-branches/ubuntu/precise/tiff/precise-security

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2014-9655-3.patch

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2015-03-30 08:11:18 UTC
Revision ID: package-import@ubuntu.com-20150330081118-bvaoaii1act27voq

Tags: 3.9.5-2ubuntu1.7

* SECURITY UPDATE: Fix multiple security issues
  - debian/patches/CVE-2014-81xx-1.patch to CVE-2014-81xx-11.patch
  - debian/patches/CVE-2014-8128-5.patch
  - debian/patches/CVE-2014-9655-1.patch to CVE-2014-9655-3.patch
  - debian/patches/read_overrun.patch
  - debian/patches/CVE-2014-8130.patch
  - CVE-2014-8127 (partially)
  - CVE-2014-8128
  - CVE-2014-8129
  - CVE-2014-8130
  - CVE-2014-9330
  - CVE-2014-9655

files added:
.pc/CVE-2014-8128-5.patch

.pc/CVE-2014-8128-5.patch/libtiff

.pc/CVE-2014-8128-5.patch/libtiff/tif_dirinfo.c

.pc/CVE-2014-8130.patch

.pc/CVE-2014-8130.patch/libtiff

.pc/CVE-2014-8130.patch/libtiff/tif_unix.c

.pc/CVE-2014-81xx-1.patch

.pc/CVE-2014-81xx-1.patch/libtiff

.pc/CVE-2014-81xx-1.patch/libtiff/tif_dir.c

.pc/CVE-2014-81xx-1.patch/libtiff/tif_getimage.c

.pc/CVE-2014-81xx-1.patch/libtiff/tif_next.c

.pc/CVE-2014-81xx-1.patch/tools

.pc/CVE-2014-81xx-1.patch/tools/bmp2tiff.c

.pc/CVE-2014-81xx-1.patch/tools/tiff2pdf.c

.pc/CVE-2014-81xx-1.patch/tools/tiffcrop.c

.pc/CVE-2014-81xx-10.patch

.pc/CVE-2014-81xx-10.patch/libtiff

.pc/CVE-2014-81xx-10.patch/libtiff/tif_read.c

.pc/CVE-2014-81xx-11.patch

.pc/CVE-2014-81xx-11.patch/tools

.pc/CVE-2014-81xx-11.patch/tools/tiffdither.c

.pc/CVE-2014-81xx-2.patch

.pc/CVE-2014-81xx-2.patch/tools

.pc/CVE-2014-81xx-2.patch/tools/tiffcp.c

.pc/CVE-2014-81xx-3.patch

.pc/CVE-2014-81xx-3.patch/tools

.pc/CVE-2014-81xx-3.patch/tools/tiff2pdf.c

.pc/CVE-2014-81xx-4.patch

.pc/CVE-2014-81xx-4.patch/libtiff

.pc/CVE-2014-81xx-4.patch/libtiff/tif_next.c

.pc/CVE-2014-81xx-5.patch

.pc/CVE-2014-81xx-5.patch/tools

.pc/CVE-2014-81xx-5.patch/tools/thumbnail.c

.pc/CVE-2014-81xx-5.patch/tools/tiffcmp.c

.pc/CVE-2014-81xx-6.patch

.pc/CVE-2014-81xx-6.patch/tools

.pc/CVE-2014-81xx-6.patch/tools/thumbnail.c

.pc/CVE-2014-81xx-7.patch

.pc/CVE-2014-81xx-7.patch/tools

.pc/CVE-2014-81xx-7.patch/tools/pal2rgb.c

.pc/CVE-2014-81xx-7.patch/tools/thumbnail.c

.pc/CVE-2014-81xx-8.patch

.pc/CVE-2014-81xx-8.patch/tools

.pc/CVE-2014-81xx-8.patch/tools/tiff2bw.c

.pc/CVE-2014-81xx-9.patch

.pc/CVE-2014-81xx-9.patch/tools

.pc/CVE-2014-81xx-9.patch/tools/tiffdump.c

.pc/CVE-2014-9655-1.patch

.pc/CVE-2014-9655-1.patch/libtiff

.pc/CVE-2014-9655-1.patch/libtiff/tif_getimage.c

.pc/CVE-2014-9655-2.patch

.pc/CVE-2014-9655-2.patch/libtiff

.pc/CVE-2014-9655-2.patch/libtiff/tif_getimage.c

.pc/CVE-2014-9655-2.patch/libtiff/tif_next.c

.pc/CVE-2014-9655-3.patch

.pc/CVE-2014-9655-3.patch/libtiff

.pc/CVE-2014-9655-3.patch/libtiff/tif_getimage.c

.pc/read_overrun.patch

.pc/read_overrun.patch/tools

.pc/read_overrun.patch/tools/thumbnail.c

.pc/read_overrun.patch/tools/tiffcrop.c

debian/patches/CVE-2014-8128-5.patch

debian/patches/CVE-2014-8130.patch

debian/patches/CVE-2014-81xx-1.patch

debian/patches/CVE-2014-81xx-10.patch

debian/patches/CVE-2014-81xx-11.patch

debian/patches/CVE-2014-81xx-2.patch

debian/patches/CVE-2014-81xx-3.patch

debian/patches/CVE-2014-81xx-4.patch

debian/patches/CVE-2014-81xx-5.patch

debian/patches/CVE-2014-81xx-6.patch

debian/patches/CVE-2014-81xx-7.patch

debian/patches/CVE-2014-81xx-8.patch

debian/patches/CVE-2014-81xx-9.patch

debian/patches/CVE-2014-9655-1.patch

debian/patches/CVE-2014-9655-2.patch

debian/patches/CVE-2014-9655-3.patch

debian/patches/read_overrun.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

libtiff/tif_dir.c

libtiff/tif_dirinfo.c

libtiff/tif_getimage.c

libtiff/tif_next.c

libtiff/tif_read.c

libtiff/tif_unix.c

tools/bmp2tiff.c

tools/pal2rgb.c

tools/thumbnail.c

tools/tiff2bw.c

tools/tiff2pdf.c

tools/tiffcmp.c

tools/tiffcp.c

tools/tiffcrop.c

tools/tiffdither.c

tools/tiffdump.c

Show diffs side-by-side

added added

removed removed

debian/patches/CVE-2014-9655-3.patch

1

Backport of:

2

3

From feed76c99f132f02a938de3b566442bff61388ef Mon Sep 17 00:00:00 2001

4

From: erouault <erouault>

5

Date: Mon, 29 Dec 2014 18:28:46 +0000

6

Subject: [PATCH] * libtiff/tif_getimage.c: move test on vertical value of

7

YCbCr subsampling. to avoid buffer leak (fix previous fix, found by Coverity

8

scan)

9

10

---

11

ChangeLog | 5 +++--

12

libtiff/tif_getimage.c | 12 +++++++-----

13

2 files changed, 10 insertions(+), 7 deletions(-)

14

15

Index: tiff-3.9.5/libtiff/tif_getimage.c

16

===================================================================

17

--- tiff-3.9.5.orig/libtiff/tif_getimage.c 2015-03-30 08:01:27.936586534 -0400

18

+++ tiff-3.9.5/libtiff/tif_getimage.c 2015-03-30 08:02:04.644905539 -0400

19

@@ -820,6 +820,12 @@

20

int32 fromskew, toskew;

21

int ret = 1, flip;

22

23

+ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver);

24

+ if( subsamplingver == 0 ) {

25

+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Invalid vertical YCbCr subsampling");

26

+ return (0);

27

+ }

28

+

29

buf = (unsigned char*) _TIFFmalloc(TIFFStripSize(tif));

30

if (buf == 0) {

31

TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for strip buffer");

32

@@ -837,11 +843,7 @@

33

}

34

35

TIFFGetFieldDefaulted(tif, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);

36

- TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver);

37

- if( subsamplingver == 0 ) {

38

- TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Invalid vertical YCbCr subsampling");

39

- return (0);

40

- }

41

+

42

scanline = TIFFNewScanlineSize(tif);

43

fromskew = (w < imagewidth ? imagewidth - w : 0);

44

for (row = 0; row < h; row += nrow)

Older »