FS#77589 - [libtiff] fix at least 10 CVEs
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Monday, 20 February 2023, 21:11 GMT
Last edited by David Runge (dvzrv) - Sunday, 05 March 2023, 16:01 GMT
Details
Description:
The attached diff does the following (changelog copied from Debian):
* Backport fix for tiffcrop correctly update buffersize after rotateImage()
* Backport fix for TIFFClose() avoid NULL pointer dereferencing.
* Backport security fix for CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803 and CVE-2023-0804, an out-of-bounds write in tiffcrop allows attackers to cause a denial-of-service via a crafted tiff file.
* Backport security fix for CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798 and CVE-2023-0799, an out-of-bounds read in tiffcrop allows attackers to cause a denial-of-service via a crafted tiff file.

Additional info:
Two versions of the patch are attached: the "messy" one copies the current patch naming scheme and isn't very pretty. The "simple" one puts a descriptive comment above each patch URL and looks much cleaner to me. Either one is fine.
Closed by David Runge (dvzrv)
Sunday, 05 March 2023, 16:01 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with libtiff/lib32-libtiff 4.5.0-3
I have opened an upstream ticket to track progress for a bugfix release (in the hopes that it will happen faster and with less bikeshed than with 4.4.0): https://gitlab.com/libtiff/libtiff/-/issues/533
Meanwhile I will apply the suggested fixes. Thanks!