linux-tiff port update
Alexander Leidinger
Alexander at Leidinger.net
Sat Feb 26 14:10:22 GMT 2005
On Sat, 26 Feb 2005 22:48:08 +1030
Ian Moore <no-spam at swiftdsl.com.au> wrote:
> For 3.6.1_1 (the current port):
>
> ===> linux-tiff-3.6.1_1 has known vulnerabilities:
> => tiff -- tiffdump integer overflow vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/8f86d8b5-6025-11d9-a9e7-0001020eed82.html>
Already fixed according to the CVS log (rev 1.10).
> => tiff -- directory entry count integer overflow vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/fc7e6a42-6012-11d9-a9e7-0001020eed82.html>
Already fixed according to the CVS log (rev 1.10).
> => tiff -- multiple integer overflows.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/3897a2f8-1d57-11d9-bc4a-000c41e2cdad.html>
Already fixed according to the CVS log (rev 1.9).
> => tiff -- RLE decoder heap overflows.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>
Already fixed according to the CVS log (rev 1.9).
Rev. 1.10 was committed at 20050114.
Hello security team, is this an error in the vuln.xml document or is the
commit log of the port-Makefile misleading (and Suse is still
vulnerable, since they don't offer newer packages)?
Bye,
Alexander.
--
To boldly go where I surely don't belong.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
More information about the freebsd-emulation
mailing list