Apply fixes CVE-2013-6629, CVE-2013-6630 (#20131737)
This commit is contained in:
Petr Hracek
parent
ce5980d249
commit
ce1b807b4b
17
libjpeg-turbo-CVE-2013-6629.patch
Normal file
17
libjpeg-turbo-CVE-2013-6629.patch
Normal file
@ -0,0 +1,17 @@
|
||||
diff --git a/jdmarker.c b/jdmarker.c
|
||||
index 77f7274..7b4c12d 100644
|
||||
--- a/jdmarker.c
|
||||
+++ b/jdmarker.c
|
||||
@@ -348,6 +348,12 @@ get_sos (j_decompress_ptr cinfo)
|
||||
|
||||
TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
|
||||
compptr->dc_tbl_no, compptr->ac_tbl_no);
|
||||
+
|
||||
+ /* This CSi (cc) should differ from the previous CSi */
|
||||
+ for (ci = 0; ci < i; ci++) {
|
||||
+ if (cinfo->cur_comp_info[ci] == compptr)
|
||||
+ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
|
||||
+ }
|
||||
}
|
||||
|
||||
/* Collect the additional scan parameters Ss, Se, Ah/Al. */
|
||||
12
libjpeg-turbo-CVE-2013-6630.patch
Normal file
12
libjpeg-turbo-CVE-2013-6630.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git a/jdmarker.c b/jdmarker.c
|
||||
index 7b4c12d..381835b 100644
|
||||
--- a/jdmarker.c
|
||||
+++ b/jdmarker.c
|
||||
@@ -471,6 +471,7 @@ get_dht (j_decompress_ptr cinfo)
|
||||
for (i = 0; i < count; i++)
|
||||
INPUT_BYTE(cinfo, huffval[i], return FALSE);
|
||||
|
||||
+ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
|
||||
length -= count;
|
||||
|
||||
if (index & 0x10) { /* AC table definition */
|
||||
@ -1,6 +1,6 @@
|
||||
Name: libjpeg-turbo
|
||||
Version: 1.3.0
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: A MMX/SSE2 accelerated library for manipulating JPEG image files
|
||||
|
||||
Group: System Environment/Libraries
|
||||
@ -25,6 +25,8 @@ Provides: libjpeg%{_isa} = 6b-47%{?dist}
|
||||
%endif
|
||||
|
||||
Patch0: libjpeg-turbo12-noinst.patch
|
||||
Patch1: libjpeg-turbo-CVE-2013-6629.patch
|
||||
Patch2: libjpeg-turbo-CVE-2013-6630.patch
|
||||
|
||||
%description
|
||||
The libjpeg-turbo package contains a library of functions for manipulating
|
||||
@ -92,6 +94,8 @@ will manipulate JPEG files using the TurboJPEG library.
|
||||
%setup -q
|
||||
|
||||
%patch0 -p1 -b .noinst
|
||||
%patch1 -p1 -b .CVE-2013-6629
|
||||
%patch2 -p1 -b .CVE-2013-6630
|
||||
|
||||
%build
|
||||
autoreconf -fiv
|
||||
@ -165,6 +169,9 @@ make test
|
||||
%{_libdir}/libturbojpeg.so
|
||||
|
||||
%changelog
|
||||
* Thu Dec 19 2013 Petr Hracek <phracek@redhat.com> - 1.3.0-2
|
||||
- Apply fixes CVE-2013-6629, CVE-2013-6630 (#20131737)
|
||||
|
||||
* Thu Jul 25 2013 Petr Hracek <phracek@redhat.com> - 1.3.0-1
|
||||
- new upstream version
|
||||
- no soname bump change
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user