Summary: | <media-libs/tiff-4.0.10-r1: Denial of Service vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | http://bugzilla.maptools.org/show_bug.cgi?id=2750 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 693394 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2017-12-04 01:54:32 UTC
I guess it happens also on a stable version i think this is: http://bugzilla.maptools.org/show_bug.cgi?id=2750 a mitigation was added for the next release, but i don't think it fixes it fully: https://gitlab.com/libtiff/libtiff/commit/9171da596c88e6a2dadcab4a3a89dddd6e1b4655 Still not fixed upstream... that I can find. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1408d12740a4cd2a6d71fe5f52386d9d77128645 commit 1408d12740a4cd2a6d71fe5f52386d9d77128645 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2019-08-05 00:03:19 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2019-08-05 00:12:00 +0000 media-libs/tiff: revbump to address open security bugs * This commit addresses 3 outstanding security issues reported by the individuals listed below. * This commit involved cherry-picking the patches and adding a revbump as the original PR's renamed the original ebuild and kept stable keywords. Bug: https://bugs.gentoo.org/639700 Bug: https://bugs.gentoo.org/690732 Closes: https://github.com/gentoo/gentoo/pull/12543 Closes: https://github.com/gentoo/gentoo/pull/11743 Reported-by: Benjamin Gordon <bmgordon@chromium.org> Reported-by: Allen Webb <allenwebb@google.com> Signed-off-by: Aaron Bauman <bman@gentoo.org> ...-2018-17000-tif_dirwrite-null-dereference.patch | 33 +++++++++ .../tiff-4.0.10-CVE-2019-6128-pal2rgb-leak.patch | 48 ++++++++++++ ....0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch | 73 ++++++++++++++++++ media-libs/tiff/tiff-4.0.10-r1.ebuild | 86 ++++++++++++++++++++++ 4 files changed, 240 insertions(+) Added to an existing GLSA. This issue was resolved and addressed in GLSA 202003-25 at https://security.gentoo.org/glsa/202003-25 by GLSA coordinator Thomas Deutschmann (whissi). |