Summary: | <media-libs/tiff-4.0.10-r2: Integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mattias Nissler <mnissler> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Flags: | stable-bot: sanity-check+ |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773 | ||
See Also: | https://github.com/gentoo/gentoo/pull/12851 | ||
Whiteboard: | A4 [noglsa cve] | ||
Package list: | media-libs/tiff-4.0.10-r2 |
Runtime testing required: | Yes |
Bug Depends on: | |||
Bug Blocks: | 639700, 690732 |
Description
Mattias Nissler
2019-09-03 10:31:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f50c6e9a116c3d950db0cd2e131893aca2f1cf2

commit 6f50c6e9a116c3d950db0cd2e131893aca2f1cf2
Author: Mattias Nissler <mnissler@chromium.org>
AuthorDate: 2019-09-03 10:25:18 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-09-03 19:45:36 +0000

media-libs/tiff: Pull in patch for CVE-2019-14973

Bug: https://bugs.gentoo.org/693394
Signed-off-by: Mattias Nissler <mnissler@chromium.org>
Closes: https://github.com/gentoo/gentoo/pull/12851
Signed-off-by: Aaron Bauman <bman@gentoo.org>

....0.10-CVE-2019-14973-fix-integer-overflow.patch | 395 +++++++++++++++++++++
media-libs/tiff/tiff-4.0.10-r2.ebuild | 85 +++++
2 files changed, 480 insertions(+)

@arches, please stabilize.

arm64 stable

amd64 stable

What kind of runtime testing is required here?

ppc stable

ppc64 stable

s390 stable

sparc stable

x86 stable

ia64 stable

hppa stable

alpha stable

arm stable

m68k stable

sh stable

GLSA vote: No.