Date: Sat, 12 Jun 2010 14:18:14 +0200 (CEST)
From: dirk.meyer@dinoex.sub.org
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/147811: graphics/tiff FAX3 decoder buffer overrun
Message-ID: <201006121218.o5CCIEWv055127@home3.dinoex.sub.de>
Resent-Message-ID: <201006121220.o5CCK24K084765@freefall.freebsd.org>
>Number: 147811
>Category: ports
>Synopsis: graphics/tiff FAX3 decoder buffer overrun
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 12 12:20:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Dirk Meyer
>Release: FreeBSD 8.1-PRERELEASE
>Organization: privat
>Environment:
>Description:
Fixes for CVE-2010-1411.
The first released patchset does not solve the problem.
http://www.remotesensing.org/libtiff/v3.9.3.htm
>How-To-Repeat:
Update needs approval from portmgr@
>Fix:
Please approve the patch below.

Index: Makefile =================================================================== RCS file: /home/pcvs/ports/graphics/tiff/Makefile,v retrieving revision 1.74 diff -u -r1.74 Makefile --- Makefile 12 Jun 2010 12:03:45 -0000 1.74 +++ Makefile 12 Jun 2010 12:16:44 -0000 @@ -8,8 +8,7 @@ # PORTNAME= tiff -PORTVERSION= 3.9.2 -PORTREVISION= 1 +PORTVERSION= 3.9.3 CATEGORIES= graphics MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \ http://dl1.maptools.org/dl/libtiff/ @@ -20,8 +19,6 @@ LIB_DEPENDS= jpeg.11:${PORTSDIR}/graphics/jpeg \ jbig.1:${PORTSDIR}/graphics/jbigkit -FORBIDDEN= FAX3 decoder buffer overrun - USE_LDCONFIG= yes USE_AUTOTOOLS= libtool:22 CONFIGURE_ARGS+= --with-jpeg-include-dir=${LOCALBASE}/include \ Index: distinfo =================================================================== RCS file: /home/pcvs/ports/graphics/tiff/distinfo,v retrieving revision 1.27 diff -u -r1.27 distinfo --- distinfo 6 Nov 2009 19:57:51 -0000 1.27 +++ distinfo 12 Jun 2010 12:16:44 -0000 
@@ -1,3 +1,3 @@ -MD5 (tiff-3.9.2.tar.gz) = 93e56e421679c591de7552db13384cb8 -SHA256 (tiff-3.9.2.tar.gz) = 3cd566c19291ea3379115dd0d2ebcdefb6a7cf0511cc33e733ec3a500e10da69 -SIZE (tiff-3.9.2.tar.gz) = 1419742 +MD5 (tiff-3.9.3.tar.gz) = 8e9c2ee955ed7d277dca83a972f306be +SHA256 (tiff-3.9.3.tar.gz) = 60e08794966b7cbf46bbf13c347f1fe41c982f98714909f49d6f198add4fdee6 +SIZE (tiff-3.9.3.tar.gz) = 1439203 >Release-Note: >Audit-Trail: >Unformatted:
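Review bot: In the second Makefile hunk (@@ -20,8 +19,6 @@), the FORBIDDEN= FAX3 decoder buffer overrun line is dropped on the strength of the version bump alone, while the description says the first released patchset did not solve the problem. Before committing, confirm against the 3.9.3 release notes linked in the description that this release carries the complete fix for CVE-2010-1411, and name the CVE in the commit message so the reason for lifting the marker is recorded.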
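Review bot: In the distinfo hunk, the new MD5, SHA256 and SIZE values for tiff-3.9.3.tar.gz cannot be checked from the patch itself, and both MASTER_SITES entries shown in the Makefile are plain ftp:// and http:// URLs, so these recorded checksums are the only integrity check on the tarball. Fetch the distfile from both sites independently and compare its SHA256 and SIZE against the values here before approving.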