diff options
author | Leo Famulari <leo@famulari.name> | 2017-12-21 02:55:44 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-12-21 03:24:55 -0500 |
commit | ce16d312c6fc4d23dcf45b73709712b56d6d2174 (patch) | |
tree | 3c26b8c433ba68a3cff74ed7d6f7780bbe221747 /gnu/packages/patches/libexif-CVE-2017-7544.patch | |
parent | 417f3d494f6b7febd086ae064e67646b7faee9ff (diff) | |
download | guix-ce16d312c6fc4d23dcf45b73709712b56d6d2174.tar.gz |
gnu: libexif: Fix CVE-2017-7544.
* gnu/packages/patches/libexif-CVE-2017-7544.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/photo.scm (feh)[source]: Use it.
Diffstat (limited to 'gnu/packages/patches/libexif-CVE-2017-7544.patch')
-rw-r--r-- | gnu/packages/patches/libexif-CVE-2017-7544.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/gnu/packages/patches/libexif-CVE-2017-7544.patch b/gnu/packages/patches/libexif-CVE-2017-7544.patch new file mode 100644 index 0000000000..c4ea373dc5 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2017-7544.patch @@ -0,0 +1,29 @@ +Fix CVE-2017-7544: + +https://sourceforge.net/p/libexif/bugs/130/ +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544 + +Patch copied from upstream bug tracker: + +https://sourceforge.net/p/libexif/bugs/130/#489a + +Index: libexif/exif-data.c +=================================================================== +RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v +retrieving revision 1.131 +diff -u -r1.131 exif-data.c +--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131 ++++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000 +@@ -255,6 +255,12 @@ + exif_mnote_data_set_offset (data->priv->md, *ds - 6); + exif_mnote_data_save (data->priv->md, &e->data, &e->size); + e->components = e->size; ++ if (exif_format_get_size (e->format) != 1) { ++ /* e->format is taken from input code, ++ * but we need to make sure it is a 1 byte ++ * entity due to the multiplication below. */ ++ e->format = EXIF_FORMAT_UNDEFINED; ++ } + } + } + |