298dde72b0
"Some vulnerabilities have been reported in libTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to various heap and integer overflows when processing TIFF images and can be exploited via a specially crafted TIFF image. Successful exploitation allows crashing applications linked against libTIFF and may also allow execution of arbitrary code." http://secunia.com/advisories/21304/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465 Patches from Tavis Ormandy, Google Security Team via SUSE. Bump PKGREVISION.
26 lines
796 B
Text
26 lines
796 B
Text
$NetBSD: patch-aw,v 1.5 2006/08/02 15:42:25 salo Exp $
|
|
|
|
Security fix for SA21304.
|
|
|
|
--- libtiff/tif_dirinfo.c.orig 2006-02-07 14:51:03.000000000 +0100
|
|
+++ libtiff/tif_dirinfo.c 2006-08-02 17:18:41.000000000 +0200
|
|
@@ -775,7 +775,8 @@ _TIFFFieldWithTag(TIFF* tif, ttag_t tag)
|
|
TIFFErrorExt(tif->tif_clientdata, "TIFFFieldWithTag",
|
|
"Internal error, unknown tag 0x%x",
|
|
(unsigned int) tag);
|
|
- assert(fip != NULL);
|
|
+ /* assert(fip != NULL); */
|
|
+
|
|
/*NOTREACHED*/
|
|
}
|
|
return (fip);
|
|
@@ -789,7 +790,8 @@ _TIFFFieldWithName(TIFF* tif, const char
|
|
if (!fip) {
|
|
TIFFErrorExt(tif->tif_clientdata, "TIFFFieldWithName",
|
|
"Internal error, unknown tag %s", field_name);
|
|
- assert(fip != NULL);
|
|
+ /* assert(fip != NULL); */
|
|
+
|
|
/*NOTREACHED*/
|
|
}
|
|
return (fip);
|