Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package tiff. It fixes the last missing bit of
CVE-2014-8128.

unblock tiff/4.0.3-12.3

Cheers,
        Moritz

debdiff:

diff -Nru tiff-4.0.3/debian/changelog tiff-4.0.3/debian/changelog
--- tiff-4.0.3/debian/changelog 2015-03-13 23:56:01.000000000 +0100
+++ tiff-4.0.3/debian/changelog 2015-03-23 19:25:35.000000000 +0100
@@ -1,3 +1,10 @@
+tiff (4.0.3-12.3) unstable; urgency=medium
+
+  * Add another (final) patch for CVE-2014-8128 (Bug #2499). Thanks to
+    Petr Gajdos
+
+ -- Moritz Muehlenhoff <j...@debian.org>  Mon, 23 Mar 2015 18:26:40 +0100
+
 tiff (4.0.3-12.2) unstable; urgency=medium
 
   * Add another patch for CVE-2014-8128 (Bug #2501)
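
Review bot: The new 4.0.3-12.3 changelog entry identifies the fix only as "another (final) patch" with "Bug #2499", which does not say which bug tracker the number belongs to or which patch file carries the change. The patch header added later in this debdiff points at bugzilla.maptools.org id 2499, so the entry could say "upstream bug #2499" and name debian/patches/CVE-2014-8128-5.patch, which would let someone auditing the CVE map the entry to the file. The "Thanks to Petr Gajdos" line is also missing its closing period.
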
diff -Nru tiff-4.0.3/debian/patches/CVE-2014-8128-5.patch 
tiff-4.0.3/debian/patches/CVE-2014-8128-5.patch
--- tiff-4.0.3/debian/patches/CVE-2014-8128-5.patch     1970-01-01 
01:00:00.000000000 +0100
+++ tiff-4.0.3/debian/patches/CVE-2014-8128-5.patch     2015-03-23 
19:25:03.000000000 +0100
@@ -0,0 +1,14 @@
+Patches by Petr Gajdos (pgaj...@suse.cz) from
+http://bugzilla.maptools.org/show_bug.cgi?id=2499
+
+--- tiff-4.0.3.orig/libtiff/tif_dirinfo.c
++++ tiff-4.0.3/libtiff/tif_dirinfo.c
+@@ -141,6 +141,8 @@ tiffFields[] = {
+       { TIFFTAG_FAXDCS, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, 
TIFF_SETGET_ASCII, FIELD_CUSTOM, TRUE, FALSE, "FaxDcs", NULL },
+       { TIFFTAG_STONITS, 1, 1, TIFF_DOUBLE, 0, TIFF_SETGET_DOUBLE, 
TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "StoNits", NULL },
+       { TIFFTAG_INTEROPERABILITYIFD, 1, 1, TIFF_IFD8, 0, 
TIFF_SETGET_UNDEFINED, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, 
"InteroperabilityIFDOffset", NULL },
++      { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, 1, TIFF_LONG, 0, 
TIFF_SETGET_UINT32, TIFF_SETGET_UINT32, FIELD_CUSTOM, TRUE, FALSE, 
"ConsecutiveBadFaxLines", NULL },
++        { TIFFTAG_PREDICTOR, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, 
TIFF_SETGET_UINT16, FIELD_CUSTOM, FALSE, FALSE, "Predictor", NULL },
+       /* begin DNG tags */
+       { TIFFTAG_DNGVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, 
TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGVersion", NULL },
+       { TIFFTAG_DNGBACKWARDVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, 
TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGBackwardVersion", NULL },
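
Review bot: The header of the new CVE-2014-8128-5.patch gives only the author and the upstream bug URL, with no statement of why adding the TIFFTAG_CONSECUTIVEBADFAXLINES and TIFFTAG_PREDICTOR rows to tiffFields[] addresses CVE-2014-8128. A short description line, plus a note on whether the patch has been applied upstream, would make the change reviewable without opening the bug tracker. In the hunk itself, the TIFFTAG_PREDICTOR row is indented differently from the TIFFTAG_CONSECUTIVEBADFAXLINES row directly above it; matching the whitespace of the neighbouring rows would keep the table consistent.
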
diff -Nru tiff-4.0.3/debian/patches/series tiff-4.0.3/debian/patches/series
--- tiff-4.0.3/debian/patches/series    2015-03-13 23:57:19.000000000 +0100
+++ tiff-4.0.3/debian/patches/series    2015-03-23 19:24:49.000000000 +0100
@@ -18,3 +18,5 @@
 CVE-2014-8129.patch
 CVE-2014-9655.patch
 CVE-2014-8128-4.patch
+
+CVE-2014-8128-5.patch
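
Review bot: The debian/patches/series hunk adds an empty "+" line between CVE-2014-8128-4.patch and CVE-2014-8128-5.patch. The earlier entries are listed without gaps, so the blank line looks unintentional; dropping it keeps the series file contiguous and the diff down to the single added patch name.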


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

