Bug 36575 - libtiff необходимо обновить
Summary: libtiff необходимо обновить
Alias: None
Product: Sisyphus
Classification: Development
Component: libtiff5 (show other bugs)
Version: unstable
Hardware: all Linux
: P3 normal
Assignee: Vladimir D. Seleznev
QA Contact: qa-sisyphus
Depends on:
Reported: 2019-04-09 17:12 MSK by Dmitry V. Levin
Modified: 2019-04-10 03:21 MSK (History)
3 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Dmitry V. Levin 2019-04-09 17:12:50 MSK
4.0.3 -> 4.0.10
Comment 1 AEN 2019-04-09 18:10:38 MSK
Если с 4.0.3, то все же libtiff. libtiff5 нет в Сизифе.
Comment 2 Dmitry V. Levin 2019-04-09 18:40:12 MSK
Наша багзилла оперерирует собранными пакетами, а не исходными.
Собранный пакет сейчас называется libtiff5.
Когда-то давно был собранный пакет libtiff, в багзилле он остался.
Comment 3 Repository Robot 2019-04-10 03:21:53 MSK
libtiff- -> sisyphus:

Tue Apr 09 2019 Vladimir D. Seleznev <vseleznv@altlinux>
- Updated to v4.0.10-57-gf9fc01c3 (ALT #36575, #34677).
- Applied SUSE patches:
  + tiff-4.0.3-seek.patch;
  + tiff-4.0.3-compress-warning.patch;
  + tiff-CVE-2018-12900.patch.
- Built with support of:
  + libjbig;
  + libwebp;
  + libzstd.
- Fixes:
  + CVE-2012-4564 Zero size buffer exploit in ppm2tiff;
  + CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip();
  + CVE-2013-4232 Use-after-free vulnerability in the t2p_readwrite_pdf_image();
  + CVE-2013-4243 Heap-based buffer overflow in the readgifimage();
  + CVE-2013-4244 DoS or possible RCE via crafted GIF image;
  + CVE-2014-8127 Out-of-bounds read with malformed TIFF image in multiple tool;
  + CVE-2014-8129 Out-of-bounds read/write with malformed TIFF image in tiff2pdf;
  + CVE-2014-8130 Divide-by-zero error in _TIFFmalloc();
  + CVE-2014-9330 Integer overflow in tif_packbits.c in bmp2tif;
  + CVE-2015-8870 Integer overflow in tools/bmp2tiff.c (DoS or information leak);
  + CVE-2018-5360 Heap-based buffer overflow in the ReadTIFFImage().