libtiff is vulnerable to a buffer overflow when a malformed value is set as BitsPerSample. Upstream has been informed: http://bugzilla.remotesensing.org/show_bug.cgi?id=843
Proposed patch by upstream attached to referenced bug. Steve, please commit an updated ebuild.
Upstream developer has stated that this has now been fixed in CVS (see URL above).
Created attachment 58276: samples vulnerability patch
Here's the patch from CVS; the ChangeLog indicates the 1.52 revision was incomplete, so these are the updates from 1.51-1.53.
Steve provide an updated ebuild.
Of course, that should have been "Steve please provide an updated ebuild."
Now in CVS:
  +files/tiff-3.7.2-buffer_check.patch, -tiff-3.7.0.ebuild, -tiff-3.7.1.ebuild, +tiff-3.7.2.ebuild: bump, cleanup, and patch for bug 91584
The new ebuild is all ~arch with the patch; the two older stable ebuilds are not patched (haven't tried yet). 3.7.2 is listed on the maptools.org site as both latest stable and latest development release.
Thx Steve. Devs, please test and mark 3.7.2 stable.
  alpha: kloeri
  amd64: eradicator
  ppc: josejx
  sparc: gustavoz
  x86: tester
arm hppa ia64 mips ppc64 ppc-macos s390 will be called shortly.
I'm testing for amd64 and sparc now... is this really necessary:
  pkg_postinst() {
      einfo "Latest tiff with bug #91584 fixes."
  }
sparc done by eradicator, I'm no longer required here :)
GLSA 200505-07