* [gentoo-commits] gentoo-x86 commit in media-gfx/exiv2/files: exiv2-0.24-CVE-2014-9449.patch
@ 2015-01-20 21:40 Johannes Huber (johu)
0 siblings, 0 replies; only message in thread
From: Johannes Huber (johu) @ 2015-01-20 21:40 UTC (permalink / raw
To: gentoo-commits
johu 15/01/20 21:40:26
Added: exiv2-0.24-CVE-2014-9449.patch
Log:
Revision bump adds patch from fedora to fix CVE-2014-9449, bug #534608. Thanks to Pacho Ramos <pacho@gentoo.org> for spotting the patch.
(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key F3CFD2BD)
Revision Changes Path
1.1 media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch?rev=1.1&content-type=text/plain
Index: exiv2-0.24-CVE-2014-9449.patch
===================================================================
diff -up exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 exiv2-0.24/src/riffvideo.cpp
--- exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 2013-12-01 06:13:42.000000000 -0600
+++ exiv2-0.24/src/riffvideo.cpp 2015-01-05 11:21:42.306728309 -0600
@@ -856,7 +856,7 @@ namespace Exiv2 {
void RiffVideo::infoTagsHandler()
{
- const long bufMinSize = 100;
+ const long bufMinSize = 10000;
DataBuf buf(bufMinSize);
buf.pData_[4] = '\0';
io_->seek(-12, BasicIo::cur);
@@ -879,10 +879,14 @@ namespace Exiv2 {
if(infoSize >= 0) {
size -= infoSize;
io_->read(buf.pData_, infoSize);
+ if(infoSize < 4)
+ buf.pData_[infoSize] = '\0';
}
if(tv)
xmpData_[exvGettext(tv->label_)] = buf.pData_;
+ else
+ continue;
}
io_->seek(cur_pos + size_external, BasicIo::beg);
} // RiffVideo::infoTagsHandler
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-01-20 21:40 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-01-20 21:40 [gentoo-commits] gentoo-x86 commit in media-gfx/exiv2/files: exiv2-0.24-CVE-2014-9449.patch Johannes Huber (johu)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox