pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/tiff Security fix for CVE-2006-2193:
details: https://anonhg.NetBSD.org/pkgsrc/rev/73669d62b298
branches: trunk
changeset: 514148:73669d62b298
user: salo <salo%pkgsrc.org@localhost>
date: Thu Jun 08 11:05:14 2006 +0000
description:
Security fix for CVE-2006-2193:
"A vulnerability in LibTIFF can be exploited by malicious people to
cause a DoS (Denial of Service) and potentially compromise a user's
system.
The vulnerability is caused due to a boundary error within tiff2pdf
when handling a TIFF file with a "DocumentName" tag that contains
UTF-8 characters. This can be exploited to cause a stack-based buffer
overflow and may allow arbitrary code execution."
http://secunia.com/advisories/20488/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193
Patch from Ubuntu.
diffstat:
graphics/tiff/Makefile | 4 ++--
graphics/tiff/distinfo | 3 ++-
graphics/tiff/patches/patch-au | 15 +++++++++++++++
3 files changed, 19 insertions(+), 3 deletions(-)
diffs (46 lines):
diff -r 7c763f539159 -r 73669d62b298 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Thu Jun 08 09:56:43 2006 +0000
+++ b/graphics/tiff/Makefile Thu Jun 08 11:05:14 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.81 2006/04/14 07:08:08 heinz Exp $
+# $NetBSD: Makefile,v 1.82 2006/06/08 11:05:14 salo Exp $
DISTNAME= tiff-3.8.2
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
http://libtiff.maptools.org/dl/
diff -r 7c763f539159 -r 73669d62b298 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Thu Jun 08 09:56:43 2006 +0000
+++ b/graphics/tiff/distinfo Thu Jun 08 11:05:14 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.37 2006/03/31 14:31:03 drochner Exp $
+$NetBSD: distinfo,v 1.38 2006/06/08 11:05:14 salo Exp $
SHA1 (tiff-3.8.2.tar.gz) = 549e67b6a15b42bfcd72fe17cda7c9a198a393eb
RMD160 (tiff-3.8.2.tar.gz) = 1b4d825e3be08764e953fc58246d0c25ab4dd17d
@@ -6,3 +6,4 @@
SHA1 (patch-aa) = edac79a6f3b61e9fc787fe14f750d88023a29bfa
SHA1 (patch-ab) = b517cb8bc2212d3e6c5a70db1bdf45b85b78fc72
SHA1 (patch-at) = 4006ed90f6ab88aff30e2537d613a1b44b5c7347
+SHA1 (patch-au) = c53ed7521c3918081526ad63cd0c1c45c9a0b9ff
diff -r 7c763f539159 -r 73669d62b298 graphics/tiff/patches/patch-au
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-au Thu Jun 08 11:05:14 2006 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-au,v 1.5 2006/06/08 11:05:14 salo Exp $
+
+Security fix for CVE-2006-2193, from Ubuntu.
+
+--- tools/tiff2pdf.c.orig 2006-03-21 17:42:51.000000000 +0100
++++ tools/tiff2pdf.c 2006-06-08 12:39:11.000000000 +0200
+@@ -3668,7 +3668,7 @@
+ written += TIFFWriteFile(output, (tdata_t) "(", 1);
+ for (i=0;i<len;i++){
+ if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
+- sprintf(buffer, "\\%.3o", pdfstr[i]);
++ sprintf(buffer, "\\%.3hho", pdfstr[i]);
+ written += TIFFWriteFile(output, (tdata_t) buffer, 4);
+ } else {
+ switch (pdfstr[i]){
Home |
Main Index |
Thread Index |
Old Index