FS#77437 : [libtiff] CVE-2022-48281

FS#77437 - [libtiff] CVE-2022-48281

Attached to Project: Arch Linux
Opened by T.J. Townsend (blakkheim) - Wednesday, 08 February 2023, 19:17 GMT
Last edited by Christian Hesse (eworm) - Friday, 17 February 2023, 20:56 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	David Runge (dvzrv) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
Attached diff adds the upstream libtiff fix for CVE-2022-48281

Additional info:
Other patches to consider but didn't seem important enough to me:

https://sources.debian.org/src/tiff/4.5.0-4/debian/patches/TIFFSetDirectory_avoid_harmless_unsigned-integer-overflow.patch/
https://sources.debian.org/src/tiff/4.5.0-4/debian/patches/TIFFWriteDirectorySec_avoid_harmless_unsigned-integer-overflow.patch/

libtiff.diff (1.5 KiB)

This task depends upon

Closed by Christian Hesse (eworm)
Friday, 17 February 2023, 20:56 GMT
Reason for closing: Fixed
Additional comments about closing: libtiff 4.5.0-2

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#77437 - [libtiff] CVE-2022-48281

Details

Loading...