Summary: | <media-libs/tiff-4.0.10: potential out-of-bounds write in JBIGDecode() | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled, pacho |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | Flags: | stable-bot:
sanity-check+
|
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://gitlab.com/libtiff/libtiff/merge_requests/38 | ||
Whiteboard: | A3 [glsa+ cve stable] | ||
Package list: |
=media-libs/tiff-4.0.10
=app-arch/zstd-1.3.7-r1
|
Runtime testing required: | --- |
Description
D'juan McDonald (domhnall)
2018-10-30 09:45:20 UTC
Fix is present in 4.0.10 git tag --contains 681748ec @arches, please stabilize. An automated check of this bug failed - repoman reported dependency errors (197 lines truncated):
> dependency.bad media-libs/tiff/tiff-4.0.10.ebuild: DEPEND: alpha(default/linux/alpha/17.0) ['>=app-arch/zstd-1.3.7-r1:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-libs/tiff/tiff-4.0.10.ebuild: RDEPEND: alpha(default/linux/alpha/17.0) ['>=app-arch/zstd-1.3.7-r1:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-libs/tiff/tiff-4.0.10.ebuild: DEPEND: alpha(default/linux/alpha/17.0/desktop) ['>=app-arch/zstd-1.3.7-r1:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
amd64 stable x86 stable ppc/ppc64 stable hppa stable ia64 stable arm64 stable arm stable *** Bug 681532 has been marked as a duplicate of this bug. *** sparc stable This issue was resolved and addressed in GLSA 201904-15 at https://security.gentoo.org/glsa/201904-15 by GLSA coordinator Aaron Bauman (b-man). re-opened for final arches and cleanup. s390 stable sh stable m68k stable oh alpha was forgitten, sorry alpha stable |