Summary: | <media-libs/tiff-3.8.2-r7 LZWDecodeCompat() Buffer underflow (CVE-2009-2285) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | graphics+disabled, nerdboy |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149 | | |
Whiteboard: | A3 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2009-07-03 08:54:33 UTC
Created attachment 196475
libtiff-CVE-2009-2285.patch
Patch as applied in upstream HEAD, refreshed to 3.8.2 release. Note that another patch has been applied to 3.9 branch but upstream considers this a cleaner patch.
bumped in cvs.

*tiff-3.8.2-r7 (04 Jul 2009)

04 Jul 2009; Markus Meier <maekke@gentoo.org> +tiff-3.8.2-r7.ebuild, +files/tiff-3.8.2-CVE-2009-2285.patch:
version bump wrt security bug #276339. this ebuild is based on tiff-3.8.2-r5.ebuild as opengl-support is currently broken in -r6.

Arches, please test and mark stable:
=media-libs/tiff-3.8.2-r7
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Stable for HPPA.

x86 stable

ppc64 done

ppc done

alpha/arm/ia64/m68k/s390/sh/sparc stable

amd64 stable, all arches done.

GLSA 200908-03