summary refs log tree commit diff
path: root/gnu/packages/patches/libtiff-CVE-2016-3623.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2016-3623.patch')
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-3623.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2016-3623.patch b/gnu/packages/patches/libtiff-CVE-2016-3623.patch
new file mode 100644
index 0000000000..08705861e3
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2016-3623.patch
@@ -0,0 +1,30 @@
+Fix CVE-2016-3623.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623
+http://bugzilla.maptools.org/show_bug.cgi?id=2569
+
+Patch extracted from upstream CVS repo with:
+$ cvs diff -u -r1.16 -r1.17 tools/rgb2ycbcr.c
+
+Index: tools/rgb2ycbcr.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/rgb2ycbcr.c,v
+retrieving revision 1.16
+retrieving revision 1.17
+diff -u -r1.16 -r1.17
+--- libtiff/tools/rgb2ycbcr.c	21 Jun 2015 01:09:10 -0000	1.16
++++ libtiff/tools/rgb2ycbcr.c	15 Aug 2016 21:26:56 -0000	1.17
+@@ -95,9 +95,13 @@
+ 			break;
+ 		case 'h':
+ 			horizSubSampling = atoi(optarg);
++            if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 )
++                usage(-1);
+ 			break;
+ 		case 'v':
+ 			vertSubSampling = atoi(optarg);
++            if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 )
++                usage(-1);
+ 			break;
+ 		case 'r':
+ 			rowsperstrip = atoi(optarg);