Date: Sun, 31 May 2015 12:00:02 +0200 From: Jan Beich <jbeich@FreeBSD.org> To: Xin LI <delphij@FreeBSD.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r388051 - in head/graphics/rawstudio: . files Message-ID: <a8wl-6p99-wny@FreeBSD.org> In-Reply-To: <201505310914.t4V9E3KW008307@svn.freebsd.org> (Xin LI's message of "Sun, 31 May 2015 09:14:03 %2B0000 (UTC)") References: <201505310914.t4V9E3KW008307@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Xin LI <delphij@FreeBSD.org> writes: > Author: delphij > Date: Sun May 31 09:14:02 2015 > New Revision: 388051 > URL: https://svnweb.freebsd.org/changeset/ports/388051 > > Log: > Apply vendor patch for "Avoid overflow in ljpeg_start()" > (changeset 983bda1f) to prevent a denial of service (crash) via a > crafted image [...] > Security: CVE-2015-3885 > Security: 57325ecf-facc-11e4-968f-b888e347c638 [...] > @@ -0,0 +1,12 @@ > +--- plugins/load-dcraw/dcraw.cc.orig 2015-05-29 01:03:46 UTC > ++++ plugins/load-dcraw/dcraw.cc > +@@ -869,7 +869,8 @@ struct jhead { > +=20 > + int CLASS ljpeg_start (struct jhead *jh, int info_only) > + { > +- int c, tag, len; > ++ int c, tag; > ++ ushort len; > + uchar data[0x10000]; > + const uchar *dp; > +=20 Affected code is also present in at least the following ports: graphics/darktable graphics/dcraw graphics/dcraw-m graphics/freeimage graphics/libraw graphics/netpbm graphics/opengtl multimedia/kodi --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQF8BAEBCgBmBQJVatujXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQjQ0MzY3NEM3RDIzNTc4NkUxNDkyQ0VF NEM3Nzg4MzQ3OURCRERCAAoJEOTHeINHnb3bH7MIAJkU6JVqmMqhYg7+GhF6I9e5 Ii06RTJL2L+pQ0RxHJw0Iwwx8w1WKsRNvVkW5bL6CJdALR/4wzf5D0FViBhzWz4C V6xawC4WWOPKuX6gGoxCgKHrVdtyPEPd4GHSGEQFHK8ODQfQ41CfVog6oe4fWCHn YkfPycLUTwBrjBryk7WVGmvB5b/UxFMQBdpREdJ0cZuNpgeOfM+NzQYrgJ+FCKpW 4y0garbUNeyEVduH36ox4MdVL8SFVXDp1V0CfLlZ1vgyq7VXcDZUfvaeFptpjrrZ z6FbPkq6622R8Lttxq2OEbK0cCsvxkLhPWEWDmusRGx8EOUPqjOc4v46/JfV0XA= =JS2x -----END PGP SIGNATURE----- --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a8wl-6p99-wny>