Summary: | <media-libs/tiff-4.0.10-r1: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Benjamin Gordon <bmgordon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Flags: | stable-bot: sanity-check+ |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugzilla.maptools.org/show_bug.cgi?id=2833 | ||
See Also: | https://github.com/gentoo/gentoo/pull/12543 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | media-libs/tiff-4.0.10-r1 |
Runtime testing required: | Yes |
Bug Depends on: | 693394 | ||
Bug Blocks: |
Description
Benjamin Gordon
2019-07-25 21:17:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1408d12740a4cd2a6d71fe5f52386d9d77128645

commit 1408d12740a4cd2a6d71fe5f52386d9d77128645
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-08-05 00:03:19 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-08-05 00:12:00 +0000

    media-libs/tiff: revbump to address open security bugs

    * This commit addresses 3 outstanding security issues reported by the
      individuals listed below.
    * This commit involved cherry-picking the patches and adding a revbump as
      the original PRs renamed the original ebuild and kept stable keywords.

    Bug: https://bugs.gentoo.org/639700
    Bug: https://bugs.gentoo.org/690732
    Closes: https://github.com/gentoo/gentoo/pull/12543
    Closes: https://github.com/gentoo/gentoo/pull/11743
    Reported-by: Benjamin Gordon <bmgordon@chromium.org>
    Reported-by: Allen Webb <allenwebb@google.com>
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 ...-2018-17000-tif_dirwrite-null-dereference.patch | 33 +++++++++
 .../tiff-4.0.10-CVE-2019-6128-pal2rgb-leak.patch | 48 ++++++++++++
 ....0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch | 73 ++++++++++++++++++
 media-libs/tiff/tiff-4.0.10-r1.ebuild | 86 ++++++++++++++++++++++
 4 files changed, 240 insertions(+)

arm64 stable

s390 stable

ppc64 stable

sparc stable

ppc stable

amd64 stable

x86 stable

alpha stable

ia64 stable

hppa stable

Added to an existing GLSA.

This issue was resolved and addressed in GLSA 202003-25 at https://security.gentoo.org/glsa/202003-25 by GLSA coordinator Thomas Deutschmann (whissi).