SOURCES: libexif-cve-2007-6351.patch (NEW), libexif-cve-2007-6352....

blues blues at pld-linux.org
Mon Dec 24 11:05:23 CET 2007 

Author: blues                        Date: Mon Dec 24 10:05:23 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- rel.2 - patches from RH: CVE-2007-6351, CVE-2007-6352

---- Files affected:
SOURCES:
   libexif-cve-2007-6351.patch (NONE -> 1.1)  (NEW), libexif-cve-2007-6352.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/libexif-cve-2007-6351.patch
diff -u /dev/null SOURCES/libexif-cve-2007-6351.patch:1.1
--- /dev/null	Mon Dec 24 11:05:23 2007
+++ SOURCES/libexif-cve-2007-6351.patch	Mon Dec 24 11:05:18 2007
@@ -0,0 +1,13 @@
+diff -up libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 libexif-0.6.13/libexif/exif-loader.c
+--- libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351	2007-12-15 22:16:06.000000000 -0500
++++ libexif-0.6.13/libexif/exif-loader.c	2007-12-15 22:16:42.000000000 -0500
+@@ -173,6 +173,9 @@ exif_loader_write (ExifLoader *eld, unsi
+ 		break;
+ 	}
+ 
++	if (!len)
++		return 1;
++
+ 	exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
+ 		  "Scanning %i byte(s) of data...", len);
+ 

================================================================
Index: SOURCES/libexif-cve-2007-6352.patch
diff -u /dev/null SOURCES/libexif-cve-2007-6352.patch:1.1
--- /dev/null	Mon Dec 24 11:05:23 2007
+++ SOURCES/libexif-cve-2007-6352.patch	Mon Dec 24 11:05:18 2007
@@ -0,0 +1,16 @@
+diff -up libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 libexif-0.6.13/libexif/exif-data.c
+--- libexif-0.6.13/libexif/exif-data.c.cve-2007-6352	2007-12-15 22:06:15.000000000 -0500
++++ libexif-0.6.13/libexif/exif-data.c	2007-12-15 22:07:27.000000000 -0500
+@@ -285,10 +285,9 @@ static void
+ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
+ 			       unsigned int ds, ExifLong offset, ExifLong size)
+ {
+-	if (ds < offset + size) {
++	if ((ds < offset + size) || (offset < 0) || (size < 0) || (offset + size < offset)) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+-			  "Bogus thumbnail offset and size: %i < %i + %i.",
+-			  (int) ds, (int) offset, (int) size);
++			  "Bogus thumbnail offset and size");
+ 		return;
+ 	}
+ 	if (data->data) 
================================================================

More information about the pld-cvs-commit mailing list