As said in http://bugzilla.remotesensing.org/show_bug.cgi?id=1102, tiffinfo crashes with the proposed files. My tiff-3.7.3 (last stable, x86) is affected. kuickshow and xzgv totally crash. gv, Gimp and konqueror can't display the picture but they recover from the error and they don't crash. My Firefox doesn't display the picture at all. However, it may be possible to send a special .tiff file via a mail or a web server and to cause the client's application to crash. Since I wasn't able to find an example of a mail application or web application crashing, please check if this is possible. Thanks to ed who pointed out the bug to us.
This seems related to #1029: http://bugzilla.remotesensing.org/show_bug.cgi?id=1029 which has a CVE entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0405 Or, at least, it has the same effects (application crash). Corrected in upstream CVS.
graphics / taviso: care to patch?
Upstream bug 1102 is CVE-2006-202{4-6}. Fixes are here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
CCing marienz as he did a recent tiff bump. Marien: Does it include this vulnerability fix?
A tiff bump? Me? :) The only thing I committed to tiff was a digest fix for bug 131396. For bumps you want vapier or before that sekretarz.
Hi; Other vulns are related to the original one, including possible code execution. See SA-19838 http://secunia.com/advisories/19838/ It's not a B3 anymore, it's an A2. It seems hard to "grep" the different patches from the CVS tree. 3.8.1 has been out for a while and corrects the vuln. 3.8.2 is in portage and ~arched. Graphics team, do you want to mark stable 3.8.2 or (introduce in portage and) mark stable 3.8.1?
Hi all, I've merged the diff from Debian [1] correcting CVE-2006-202[456], and the one from Red Hat [2] correcting CVE-2006-2120. Debian hasn't corrected the CVE-2006-2120 issue, don't ask me why. Please verify this patch and add it to portage, then mark stable either 3.8.1, or 3.7.3/3.7.4 patched.
amd64, ppc, sparc, x86 : 3.7.4
alpha, hppa, ppc64, sh : 3.7.3
Created attachment 86490: patch 3.7.4
Created attachment 86492: patch 3.7.3 (not verified)
references of #7
[1] http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.diff.gz
[2] https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128248&action=edit
arches, please test and mark 3.8.2 stable, thank you
ppc-macos stable
stable on alpha.
I unkeyworded media-libs/tiff-3.8.2, and emerged it with collision-protect. Builds fine on x86. Runtime testcase I made was,

    wget ftp://ftp.remotesensing.org/pub/libtiff/pics-3.8.0.tar.gz
    tar xfvz pics-3.8.0.tar.gz
    cd libtiffpic
    tiff2pdf g3test.tif > g3test.pdf

And verified conversion went okay with PDF reader. Good to go stable on x86.

Portage 2.0.54-r2 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.6-r3, 2.6.16-gentoo-r4 i686)
=================================================================
System uname: 2.6.16-gentoo-r4 i686 AMD Athlon(tm) XP 2200+
Gentoo Base System version 1.6.14
dev-lang/python: 2.4.2
dev-python/pycrypto: [Not Present]
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O2 -pipe -g"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib/X11/xkb"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -O2 -pipe -g"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://trumpetti.atm.tut.fi/gentoo/"
LANG="en_US.utf8"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://trumpetti.atm.tut.fi/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac alsa apm audiofile avi berkdb bitmap-fonts bzip2 cli crypt dri emboss encode expat fam ffmpeg flac foomaticdb fortran gdbm gif gstreamer gtk gtk2 id3 imagemagick imlib ipv6 isdnlog jpeg libg++ libwww mad mikmod mmx mmxext motif mp3 mp4live mpeg mpeg2 musicbrainz ncurses nptl nptlonly ogg opengl oss pam pcre pdflib perl pic player png pppd python quicktime readline reflection sdk sdl session spl sse ssl tcltk tcpd theora tiff truetype truetype-fonts type1-fonts udev unicode userlocales vorbis win32codecs xine xml xml2 xorg xv xvid zlib userland_GNU kernel_linux elibc_glibc"
Unset: CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS, PORTDIR_OVERLAY
amd64 stable.
Marked stable on x86, and versions prior to 3.7.3 removed. Still several arches to go (which I can't test on) for complete stable on 3.8.2...
compnerd: pretty pretty please let the x86 team handle our bugs in the future :) Thanks
Err, and by compnerd, I mean nerdboy...for some reason, I always mix you two up...
Sorry about bugspam, removing CC..
hppa stable
GLSA 200605-17 Thanks everybody