Bug 35006 - [security] Many CVEs in libtiff4
Summary: [security] Many CVEs in libtiff4
Status: CLOSED FIXED
Alias: None
Product: Branch p8
Classification: Distributions
Component: apt (show other bugs)
Version: не указана
Hardware: all Linux
: P3 normal
Assignee: Andrey Cherepanov
QA Contact: qa-p8@altlinux.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-06 22:14 MSK by mikhailnov
Modified: 2018-06-08 18:08 MSK (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description mikhailnov 2018-06-06 22:14:00 MSK 
// вешаю на apt, т.к. на libtiff4 (https://packages.altlinux.org/ru/Sisyphus/srpms/libtiff4/) не получается, багзилла не находит такого компонента \\

В последний раз обновлялось в Альте в 2012 году. За то время накопилось огромное количество CVE. В Debian oldoldstable (Wheezy) вот так:
$ ls tiff-3.9.6/debian/patches | grep CVE
CVE-2010-2596.patch
CVE-2012-1173.patch
CVE-2012-2088.patch
CVE-2012-3401.patch
CVE-2012-4447.patch
CVE-2012-5581.patch
CVE-2013-1961.patch
CVE-2014-8128-1.patch
CVE-2014-8128-2.patch
CVE-2014-8128-3.patch
CVE-2014-8128-4.patch
CVE-2014-8129.patch
CVE-2014-9655.patch
CVE-2015-8665-and-CVE-2015-8683.patch
CVE-2015-8781_CVE-2015-8782_CVE-2015-8783.patch
CVE-2015-8784.patch
CVE-2016-10095_CVE-2017-9147.patch
CVE-2016-3186.patch
CVE-2016-3623.patch
CVE-2016-3945.patch
CVE-2016-3990.patch
CVE-2016-3991.patch
CVE-2016-5321.patch
CVE-2016-5323.patch
CVE-2016-5875.patch
CVE-2016-6223.patch
CVE-2016-9533.patch
CVE-2016-9534.patch
CVE-2016-9535.patch
CVE-2017-11335.patch
CVE-2017-18013.patch
CVE-2017-7593.patch
CVE-2017-7594.patch
CVE-2017-7595.patch
CVE-2017-7596.patch
CVE-2017-7601.patch
CVE-2017-9403.patch
CVE-2017-9404.patch
CVE-2017-9936.patch
CVE-2018-7456.patch
CVE-2018-8905.patch
Comment 1 alexey 2018-06-08 18:08:20 MSK 
на данную библиотеку зависимости отсутствуют, пакет удалён.