[BLFS Trac] #2863: libtiff-3.8.2 vulnerabilities

BLFS Trac trac at linuxfromscratch.org
Fri Jul 10 10:03:48 PDT 2009


#2863: libtiff-3.8.2 vulnerabilities
--------------------------------------+-------------------------------------
 Reporter:  ken@…                     |       Owner:  blfs-book@…                   
     Type:  task                      |      Status:  new                           
 Priority:  normal                    |   Milestone:  6.4                           
Component:  BOOK                      |     Version:  SVN                           
 Severity:  normal                    |    Keywords:                                
--------------------------------------+-------------------------------------
 Checking recent vulnerabilities, I found CVE-2009-2285.  Looking at Fedora
 and Ubuntu I find they are patching tiff for rather more: CVE-2006-2193,
 CVE-2008-2327, and also CVE-2006-3460..65.

 The MITRE reports for that last group are misleading - they label them as
 applying "before 3.8.2" but they were reported by Tavis Ormandy at Gentoo
 and the Gentoo reports say that their ebuilds up to and including 3.8.2-r1
 are affected.  NB Trac is daft enough to think there is a link in that
 (ebuild) version, I've no idea how to stop that (quoting it doesn't help).

 I've prepared a patch, will upload it shortly.

-- 
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2863>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch


