CVE-2018-17000, CVE-2019-6128, and CVE-2019-7663 appear to affect the current 4.0.10 tiff ebuild. https://github.com/gentoo/gentoo/pull/11743 looks like it has fixes for the first two. I'll send a PR with the upstream patches for the third one shortly.

Reproducible: Always
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1408d12740a4cd2a6d71fe5f52386d9d77128645

commit 1408d12740a4cd2a6d71fe5f52386d9d77128645
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-08-05 00:03:19 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-08-05 00:12:00 +0000

    media-libs/tiff: revbump to address open security bugs

    * This commit addresses 3 outstanding security issues reported by the
      individuals listed below.
    * This commit involved cherry-picking the patches and adding a revbump
      as the original PRs renamed the original ebuild and kept stable
      keywords.

    Bug: https://bugs.gentoo.org/639700
    Bug: https://bugs.gentoo.org/690732
    Closes: https://github.com/gentoo/gentoo/pull/12543
    Closes: https://github.com/gentoo/gentoo/pull/11743
    Reported-by: Benjamin Gordon <bmgordon@chromium.org>
    Reported-by: Allen Webb <allenwebb@google.com>
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 ...-2018-17000-tif_dirwrite-null-dereference.patch | 33 +++++++++
 .../tiff-4.0.10-CVE-2019-6128-pal2rgb-leak.patch   | 48 ++++++++++++
 ....0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch | 73 ++++++++++++++++++
 media-libs/tiff/tiff-4.0.10-r1.ebuild              | 86 ++++++++++++++++++++++
 4 files changed, 240 insertions(+)
arm64 stable
s390 stable
ppc64 stable
sparc stable
ppc stable
amd64 stable
x86 stable
alpha stable
ia64 stable
hppa stable
Added to an existing GLSA.
This issue was resolved and addressed in GLSA 202003-25 at https://security.gentoo.org/glsa/202003-25 by GLSA coordinator Thomas Deutschmann (whissi).