#2863 closed task (fixed)
libtiff-3.8.2 vulnerabilities
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Checking recent vulnerabilities, I found CVE-2009-2285. Looking at fedora and ubuntu I find they are patching tiff for rather more: CVE-2006-2193, CVE-2008-2327, and also CVE-2006-3460..65.
The mitre reports for that last group are misleading - they label them as applying "before 3.8.2" but they were reported by Travis Ormandy at gentoo and the gentoo reports say that their ebuilds up to and including 3.8.2-r1 are affected. NB trac is daft enough to think there is a link in that (ebuild) version, I've no idea how to stop that (quoting it doesn't help).
I've prepared a patch, will upload it shortly.
Change History (5)
comment:1 by , 15 years ago
| Owner: | changed from to |
|---|
comment:2 by , 15 years ago
| Status: | new → assigned |
|---|
comment:3 by , 15 years ago
Note:
See TracTickets
for help on using tickets.
Heh, nearly did this yesterday, but real life intervened. Today, I took a look at lwn. This week's vulnerability is CVE-2009-2347. [sigh]