[SCM] exiv2 packaging branch, master, updated. debian/0.25-2-9-gcc0ad78

Maximiliano Curia maxy at moszumanska.debian.org
Tue Jun 6 10:58:58 UTC 2017 

Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-extras/exiv2.git;a=commitdiff;h=7a76d44

The following commit has been merged in the master branch:
commit 7a76d44aa05b3aeb73c645443e5de9b9403f704f
Author: Moritz Muehlenhoff <jmm at debian.org>
Date:   Tue Jun 6 12:55:53 2017 +0200

    Non-maintainer upload for CVE-2017-9239
    
    Closes: 863410
---
 debian/changelog                   |  7 +++++++
 debian/patches/CVE-2017-9239.patch | 16 ++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 24 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index ea010cd..0d5421c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+exiv2 (0.25-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2017-9239 (Closes: #863410)
+
+ -- Moritz Muehlenhoff <jmm at debian.org>  Mon, 05 Jun 2017 22:42:20 +0200
+
 exiv2 (0.25-3) unstable; urgency=medium
 
   [ Norbert Preining ]
diff --git a/debian/patches/CVE-2017-9239.patch b/debian/patches/CVE-2017-9239.patch
new file mode 100644
index 0000000..6e38153
--- /dev/null
+++ b/debian/patches/CVE-2017-9239.patch
@@ -0,0 +1,16 @@
+From 2f8681e120d277e418941c4361c83b5028f67fd8 Mon Sep 17 00:00:00 2001
+From: clanmills <robin at clanmills.com>
+Date: Sat, 27 May 2017 10:18:17 +0100
+Subject: [PATCH] #1296 Fix submitted.
+
+--- exiv2-0.25.orig/src/tiffcomposite.cpp
++++ exiv2-0.25/src/tiffcomposite.cpp
+@@ -1607,6 +1607,8 @@ namespace Exiv2 {
+     uint32_t TiffImageEntry::doWriteImage(IoWrapper& ioWrapper,
+                                           ByteOrder  /*byteOrder*/) const
+     {
++        if ( !pValue() ) throw Error(21); // #1296
++        
+         uint32_t len = pValue()->sizeDataArea();
+         if (len > 0) {
+ #ifdef DEBUG
diff --git a/debian/patches/series b/debian/patches/series
index 6244361..b7f3a5c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 libtool_update.diff
 upstream-fix-casio-crash
+CVE-2017-9239.patch

-- 
exiv2 packaging

More information about the pkg-kde-commits mailing list