packages: libtiff/libtiff-CVE-2009-2285.patch - still required

Mon Oct 26 00:56:06 CET 2009

Author: sls                          Date: Sun Oct 25 23:56:06 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- still required

---- Files affected:
packages/libtiff:
   libtiff-CVE-2009-2285.patch (1.2 -> 1.3) 

---- Diffs:

================================================================
Index: packages/libtiff/libtiff-CVE-2009-2285.patch
diff -u /dev/null packages/libtiff/libtiff-CVE-2009-2285.patch:1.3

--- /dev/null	Mon Oct 26 00:56:06 2009
+++ packages/libtiff/libtiff-CVE-2009-2285.patch	Mon Oct 26 00:56:01 2009
@@ -0,0 +1,22 @@
+Index: tiff-3.8.2/libtiff/tif_lzw.c
+===================================================================
+--- tiff-3.8.2.orig/libtiff/tif_lzw.c
++++ tiff-3.8.2/libtiff/tif_lzw.c
+@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
+ 			NextCode(tif, sp, bp, code, GetNextCode);
+ 			if (code == CODE_EOI)
+ 				break;
+-			if (code == CODE_CLEAR) {
++			if (code >= CODE_CLEAR) {
+ 				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ 				"LZWDecode: Corrupted LZW table at scanline %d",
+ 				tif->tif_row);
+@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
+ 			NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ 			if (code == CODE_EOI)
+ 				break;
+-			if (code == CODE_CLEAR) {
++			if (code >= CODE_CLEAR) {
+ 				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ 				"LZWDecode: Corrupted LZW table at scanline %d",
+ 				tif->tif_row);
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/libtiff/libtiff-CVE-2009-2285.patch?r1=1.2&r2=1.3&f=u

