Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-29 10:25:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/source/l/libtiff/patches/CVE-2022-34526.patch
Patrick J Volkerding b3409a9b21 Wed Jan 4 02:18:08 UTC 2023 
ap/lsof-4.96.5-x86_64-1.txz:  Upgraded.
ap/sqlite-3.40.1-x86_64-1.txz:  Upgraded.
kde/bluedevil-5.26.5-x86_64-1.txz:  Upgraded.
kde/breeze-5.26.5-x86_64-1.txz:  Upgraded.
kde/breeze-grub-5.26.5-x86_64-1.txz:  Upgraded.
kde/breeze-gtk-5.26.5-x86_64-1.txz:  Upgraded.
kde/digikam-7.9.0-x86_64-2.txz:  Rebuilt.
  Recompiled against opencv-4.7.0.
kde/drkonqi-5.26.5-x86_64-1.txz:  Upgraded.
kde/kactivitymanagerd-5.26.5-x86_64-1.txz:  Upgraded.
kde/kde-cli-tools-5.26.5-x86_64-1.txz:  Upgraded.
kde/kde-gtk-config-5.26.5-x86_64-1.txz:  Upgraded.
kde/kdecoration-5.26.5-x86_64-1.txz:  Upgraded.
kde/kdeplasma-addons-5.26.5-x86_64-1.txz:  Upgraded.
kde/kgamma5-5.26.5-x86_64-1.txz:  Upgraded.
kde/khotkeys-5.26.5-x86_64-1.txz:  Upgraded.
kde/kinfocenter-5.26.5-x86_64-1.txz:  Upgraded.
kde/kmenuedit-5.26.5-x86_64-1.txz:  Upgraded.
kde/kpipewire-5.26.5-x86_64-1.txz:  Upgraded.
kde/kscreen-5.26.5-x86_64-1.txz:  Upgraded.
kde/kscreenlocker-5.26.5-x86_64-1.txz:  Upgraded.
kde/ksshaskpass-5.26.5-x86_64-1.txz:  Upgraded.
kde/ksystemstats-5.26.5-x86_64-1.txz:  Upgraded.
kde/kwallet-pam-5.26.5-x86_64-1.txz:  Upgraded.
kde/kwayland-integration-5.26.5-x86_64-1.txz:  Upgraded.
kde/kwin-5.26.5-x86_64-1.txz:  Upgraded.
kde/kwrited-5.26.5-x86_64-1.txz:  Upgraded.
kde/layer-shell-qt-5.26.5-x86_64-1.txz:  Upgraded.
kde/libkscreen-5.26.5-x86_64-1.txz:  Upgraded.
kde/libksysguard-5.26.5-x86_64-1.txz:  Upgraded.
kde/milou-5.26.5-x86_64-1.txz:  Upgraded.
kde/oxygen-5.26.5-x86_64-1.txz:  Upgraded.
kde/oxygen-sounds-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-browser-integration-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-desktop-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-disks-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-firewall-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-integration-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-nm-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-pa-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-sdk-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-systemmonitor-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-vault-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-workspace-5.26.5-x86_64-1.txz:  Upgraded.
kde/plasma-workspace-wallpapers-5.26.5-x86_64-1.txz:  Upgraded.
kde/polkit-kde-agent-1-5.26.5-x86_64-1.txz:  Upgraded.
kde/powerdevil-5.26.5-x86_64-1.txz:  Upgraded.
kde/qqc2-breeze-style-5.26.5-x86_64-1.txz:  Upgraded.
kde/sddm-kcm-5.26.5-x86_64-1.txz:  Upgraded.
kde/systemsettings-5.26.5-x86_64-1.txz:  Upgraded.
kde/xdg-desktop-portal-kde-5.26.5-x86_64-1.txz:  Upgraded.
l/SDL2-2.26.2-x86_64-1.txz:  Upgraded.
l/gst-plugins-bad-free-1.20.5-x86_64-2.txz:  Rebuilt.
  Recompiled against opencv-4.7.0.
l/imagemagick-7.1.0_57-x86_64-1.txz:  Upgraded.
l/libpcap-1.10.2-x86_64-1.txz:  Upgraded.
l/libpsl-0.21.2-x86_64-1.txz:  Upgraded.
l/librevenge-0.0.5-x86_64-1.txz:  Upgraded.
l/libsndfile-1.2.0-x86_64-1.txz:  Upgraded.
l/libtiff-4.4.0-x86_64-2.txz:  Rebuilt.
  Patched various security bugs.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-2056
    https://www.cve.org/CVERecord?id=CVE-2022-2057
    https://www.cve.org/CVERecord?id=CVE-2022-2058
    https://www.cve.org/CVERecord?id=CVE-2022-3970
    https://www.cve.org/CVERecord?id=CVE-2022-34526
  (* Security fix *)
l/netpbm-11.01.00-x86_64-1.txz:  Upgraded.
l/opencv-4.7.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/poppler-23.01.0-x86_64-1.txz:  Upgraded.
n/getmail-6.18.11-x86_64-1.txz:  Upgraded.
n/tcpdump-4.99.2-x86_64-1.txz:  Upgraded.
n/whois-5.5.15-x86_64-1.txz:  Upgraded.
  Updated the .bd, .nz and .tv TLD servers.
  Added the .llyw.cymru, .gov.scot and .gov.wales SLD servers.
  Updated the .ac.uk and .gov.uk SLD servers.
  Recursion has been enabled for whois.nic.tv.
  Updated the list of new gTLDs with four generic TLDs assigned in October 2013
  which were missing due to a bug.
  Removed 4 new gTLDs which are no longer active.
  Added the Georgian translation, contributed by Temuri Doghonadze.
  Updated the Finnish translation, contributed by Lauri Nurmi.
xap/pidgin-2.14.12-x86_64-1.txz:  Upgraded.
xap/rxvt-unicode-9.26-x86_64-4.txz:  Rebuilt.
  When the "background" extension was loaded, an attacker able to control the
  data written to the terminal would be able to execute arbitrary code as the
  terminal's user. Thanks to David Leadbeater and Ben Collver.
  For more information, see:
    https://www.openwall.com/lists/oss-security/2022/12/05/1
    https://www.cve.org/CVERecord?id=CVE-2022-4170
  (* Security fix *)
2023-01-04 04:38:00 +01:00

28 lines
898 B
Diff
Raw Blame History

From 275735d0354e39c0ac1dc3c0db2120d6f31d1990 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 27 Jun 2022 16:09:43 +0200
Subject: [PATCH] _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a
codec-specific tag and the codec is not configured (fixes #433)
This avoids crashes when querying such tags
---
libtiff/tif_dirinfo.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
index c30f569b..3371cb5c 100644
--- a/libtiff/tif_dirinfo.c
+++ b/libtiff/tif_dirinfo.c
@@ -1191,6 +1191,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
default:
return 1;
}
+ if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) {
+ return 0;
+ }
/* Check if codec specific tags are allowed for the current
* compression scheme (codec) */
switch (tif->tif_dir.td_compression) {
--
GitLab
Reference in a new issue View git blame Copy permalink