36575 2019-04-09 17:12:50 +0300 libtiff необходимо обновить 2019-04-10 03:21:53 +0300 1 1 4 Development Sisyphus libtiff5 unstable all Linux CLOSED FIXED P3 normal --- 1 ldv lav aen lav ldv protvin qa-sisyphus oldest_to_newest 180680 0 ldv 2019-04-09 17:12:50 +0300 4.0.3 -> 4.0.10 180684 1 aen 2019-04-09 18:10:38 +0300 Если с 4.0.3, то все же libtiff. libtiff5 нет в Сизифе. 180686 2 ldv 2019-04-09 18:40:12 +0300 Наша багзилла оперерирует собранными пакетами, а не исходными. Собранный пакет сейчас называется libtiff5. Когда-то давно был собранный пакет libtiff, в багзилле он остался. 180695 3 repository-robot 2019-04-10 03:21:53 +0300 libtiff-4.0.10.0.57.f9fc01c3-alt1 -> sisyphus: Tue Apr 09 2019 Vladimir D. Seleznev <vseleznv@altlinux> 4.0.10.0.57.f9fc01c3-alt1 - Updated to v4.0.10-57-gf9fc01c3 (ALT #36575, #34677). - Applied SUSE patches: + tiff-4.0.3-seek.patch; + tiff-4.0.3-compress-warning.patch; + tiff-CVE-2018-12900.patch. - Built with support of: + libjbig; + libwebp; + libzstd. - Fixes: + CVE-2012-4564 Zero size buffer exploit in ppm2tiff; + CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip(); + CVE-2013-4232 Use-after-free vulnerability in the t2p_readwrite_pdf_image(); + CVE-2013-4243 Heap-based buffer overflow in the readgifimage(); + CVE-2013-4244 DoS or possible RCE via crafted GIF image; + CVE-2014-8127 Out-of-bounds read with malformed TIFF image in multiple tool; + CVE-2014-8129 Out-of-bounds read/write with malformed TIFF image in tiff2pdf; + CVE-2014-8130 Divide-by-zero error in _TIFFmalloc(); + CVE-2014-9330 Integer overflow in tif_packbits.c in bmp2tif; + CVE-2015-8870 Integer overflow in tools/bmp2tiff.c (DoS or information leak); + CVE-2018-5360 Heap-based buffer overflow in the ReadTIFFImage().