| Summary: | media-libs/tiff <3.8.2-r4 buffer underflow in LZW decoding (CVE-2008-2327) |
|---|---|
| Product: | Gentoo Security |
| Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | normal |
| CC: | graphics+disabled, nerdboy |
| Priority: | High |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| Whiteboard: | A2 [glsa] |
| Package list: | |
| Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-08-06 12:15:21 UTC
Drew also informed us about the following issue: http://bugzilla.maptools.org/show_bug.cgi?id=1929

Created attachment 162354
tiff-3.8.2-CVE-2008-2327.patch

Created attachment 162356
tiff-3.8.2-bug1929.patch

We have no upstream comment on either of the two patches, and probably won't have until after the embargo timeline. I'll attach an ebuild applying the existing patches, and we can update them later if upstream decides otherwise.

Created attachment 163378
tiff-3.8.2-r4.ebuild

Arch Security Liaisons, please test the attached ebuild and report it stable on this bug.
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
CC'ing current Liaisons:
alpha : yoswink, armin76
amd64 : keytoaster, tester
hppa : jer
ppc : dertobi123
ppc64 : corsair
sparc : fmccor
x86 : maekke, armin76

HPPA is OK.

looks good on amd64/x86.

looks good on ppc64

alpha is ok

now public via http://secunia.com/advisories/31610/

I combined both patches into one because it was decided to combine both issues (Drew Yao and the upstream bug) into the CVE. Committed the ebuild to the tree with the gathered keywords, still to do:

Arches, please test and mark stable:
=media-libs/tiff-3.8.2-r4
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Already stabled : "alpha amd64 hppa ppc64 x86"
Missing keywords: "arm ia64 m68k ppc s390 sh sparc"

ia64/sparc stable

ppc stable

GLSA request filed.

GLSA 200809-07