Opened 13 years ago

Closed 13 years ago

Last modified 12 years ago

#2863 closed task (fixed)

libtiff-3.8.2 vulnerabilities

Reported by: ken@…
Owned by: ken@…
Priority: normal
Milestone:
Component: BOOK
Version: SVN
Severity: normal
Keywords:


Checking recent vulnerabilities, I found CVE-2009-2285. Looking at Fedora and Ubuntu, I find they are patching tiff for rather more: CVE-2006-2193, CVE-2008-2327, and also CVE-2006-3460..65.

The MITRE reports for that last group are misleading - they label them as applying "before 3.8.2" but they were reported by Tavis Ormandy at Gentoo and the Gentoo reports say that their ebuilds up to and including 3.8.2-r1 are affected. NB Trac is daft enough to think there is a link in that (ebuild) version; I've no idea how to stop that (quoting it doesn't help).

I've prepared a patch, will upload it shortly.

Change History (5)

comment:1 by ken@…, 13 years ago

Owner: changed from blfs-book@… to ken@…

comment:2 by ken@…, 13 years ago

Status: new → assigned

comment:3 by ken@…, 13 years ago

Heh, nearly did this yesterday, but real life intervened. Today, I took a look at LWN. This week's vulnerability is CVE-2009-2347. [sigh]

comment:4 by ken@…, 13 years ago

Resolution: fixed
Status: assigned → closed

comment:5 by (none), 12 years ago

Milestone: 6.4

Milestone 6.4 deleted
