CVE-2009-2285 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2285): Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Created attachment 196475 [details, diff] libtiff-CVE-2009-2285.patch Patch as applied in upstream HEAD, refreshed to 3.8.2 release. Note that another patch has been applied to 3.9 branch but upstream considers this a cleaner patch.
bumped in cvs. *tiff-3.8.2-r7 (04 Jul 2009) 04 Jul 2009; Markus Meier <maekke@gentoo.org> +tiff-3.8.2-r7.ebuild, +files/tiff-3.8.2-CVE-2009-2285.patch: version bump wrt security bug #276339. this ebuild is based on tiff-3.8.2-r5.ebuild as opengl-support is currently broken in -r6.
Arches, please test and mark stable: =media-libs/tiff-3.8.2-r7 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
x86 stable
ppc64 done
ppc done
alpha/arm/ia64/m68k/s390/sh/sparc stable
amd64 stable, all arches done.
GLSA 200908-03