rev 20062 - in kde-extras/exiv2/branches: . 0.24/debian 0.24/debian/patches
Maximiliano Curia
maxy at moszumanska.debian.org
Tue Aug 4 14:37:35 UTC 2015
Author: maxy
Date: 2015-08-04 14:37:35 +0000 (Tue, 04 Aug 2015)
New Revision: 20062
Added:
kde-extras/exiv2/branches/0.24/
kde-extras/exiv2/branches/0.24/debian/patches/CVE-2014-9449.patch
Modified:
kde-extras/exiv2/branches/0.24/debian/changelog
kde-extras/exiv2/branches/0.24/debian/patches/series
Log:
Import 0.24-4.1 NMU
Modified: kde-extras/exiv2/branches/0.24/debian/changelog
===================================================================
--- kde-extras/exiv2/tags/0.24-4/debian/changelog 2015-05-12 17:35:59 UTC (rev 20061)
+++ kde-extras/exiv2/branches/0.24/debian/changelog 2015-08-04 14:37:35 UTC (rev 20062)
@@ -1,3 +1,12 @@
+exiv2 (0.24-4.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add CVE-2014-9449.patch patch.
+ CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
+ Thanks to Klaus Ethgen <Klaus at Ethgen.de> (Closes: #773846)
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Wed, 07 Jan 2015 20:25:48 +0100
+
exiv2 (0.24-4) unstable; urgency=medium
* Team upload.
Added: kde-extras/exiv2/branches/0.24/debian/patches/CVE-2014-9449.patch
===================================================================
--- kde-extras/exiv2/branches/0.24/debian/patches/CVE-2014-9449.patch (rev 0)
+++ kde-extras/exiv2/branches/0.24/debian/patches/CVE-2014-9449.patch 2015-08-04 14:37:35 UTC (rev 20062)
@@ -0,0 +1,41 @@
+From ed36a4692058f745a06d87bdaf107bc43c7d2359 Mon Sep 17 00:00:00 2001
+From: badola <badola at b7c8b350-86e7-0310-a4b4-de8f6a8f16a3>
+Date: Thu, 19 Jun 2014 20:28:44 +0000
+Subject: [PATCH] #960: Added a Buffer Overflow Fix in INFO tags of
+ RIFFVIDEO.CPP
+
+git-svn-id: svn://dev.exiv2.org/svn/trunk@3264 b7c8b350-86e7-0310-a4b4-de8f6a8f16a3
+---
+ src/riffvideo.cpp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/riffvideo.cpp b/src/riffvideo.cpp
+index 4545bc3..0dcd291 100644
+--- a/src/riffvideo.cpp
++++ b/src/riffvideo.cpp
+@@ -856,7 +856,7 @@ namespace Exiv2 {
+
+ void RiffVideo::infoTagsHandler()
+ {
+- const long bufMinSize = 100;
++ const long bufMinSize = 10000;
+ DataBuf buf(bufMinSize);
+ buf.pData_[4] = '\0';
+ io_->seek(-12, BasicIo::cur);
+@@ -879,10 +879,14 @@ namespace Exiv2 {
+ if(infoSize >= 0) {
+ size -= infoSize;
+ io_->read(buf.pData_, infoSize);
++ if(infoSize < 4)
++ buf.pData_[infoSize] = '\0';
+ }
+
+ if(tv)
+ xmpData_[exvGettext(tv->label_)] = buf.pData_;
++ else
++ continue;
+ }
+ io_->seek(cur_pos + size_external, BasicIo::beg);
+ } // RiffVideo::infoTagsHandler
+--
+2.1.4
Modified: kde-extras/exiv2/branches/0.24/debian/patches/series
===================================================================
--- kde-extras/exiv2/tags/0.24-4/debian/patches/series 2015-05-12 17:35:59 UTC (rev 20061)
+++ kde-extras/exiv2/branches/0.24/debian/patches/series 2015-08-04 14:37:35 UTC (rev 20062)
@@ -1 +1,2 @@
libtool_update.diff
+CVE-2014-9449.patch
More information about the pkg-kde-commits
mailing list