Summary: | media-libs/tiff Multiple issues (CVE-2006-34{59-65}) | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | major | CC: | bernd, chainsaw, graphics+disabled | ||||||||
Priority: | High | ||||||||||
Version: | unspecified | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | A2 [glsa] jaervosz | ||||||||||
Package list: | Runtime testing required: | --- | |||||||||
Attachments: |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2006-08-01 00:56:03 UTC
Created attachment 93188 [details, diff]
tiff-3.8.2-goo-sec.diff
Steve please advise and attach an updated ebuild here for pretesting. This is now public. Graphics please provide an updated ebuild. Created attachment 93315 [details]
updated ebuild incorporating google-dude's patch
Builds and installs fines, but I only had a chance to review the patch (and not any significant functional testing).
(In reply to comment #4) > Created an attachment (id=93315) [edit] > updated ebuild incorporating google-dude's patch > > Builds and installs fines, but I only had a chance to review the patch (and not > any significant functional testing). > everything is right. It works for me. Debian has used exactly the same patch :) you can bump it into portage please Okay, I'm cleaning up the old versions as well... Thank you Steve. Hi arches, it's your turn now... please test and mark stable tiff-3.8.2-r2 ebuild so that we can issue the GLSA promptly. mips: note that 3.7.x is also vulnerable, but has not been patched in portage. However it is technically possible to do so, if needed. This one is ready for GLSA. GLSA 200608-07 Note: mips is now stable on 3.8.2-r2, however, jbig-kit is not, so the jbig USE flag is masked on mips until they decide they want it. Created attachment 93632 [details]
exploit for CVE-2006-3459.
Attaching exploit for the stack overflow issue, for future reference.
Does not affect current (2008.0) release. Removing release. |