From: Alexander Leidinger
To: Ian Moore
Cc: freebsd-emulation@freebsd.org, security@freebsd.org
Date: Sat, 26 Feb 2005 15:11:13 +0100
Subject: Re: linux-tiff port update

On Sat, 26 Feb 2005 22:48:08 +1030
Ian Moore wrote:

> For 3.6.1_1 (the current port):
>
> ===> linux-tiff-3.6.1_1 has known vulnerabilities:
> => tiff -- tiffdump integer overflow vulnerability.
>    Reference:
>

Already fixed according to the CVS log (rev 1.10).

> => tiff -- directory entry count integer overflow vulnerability.
>    Reference:
>

Already fixed according to the CVS log (rev 1.10).

> => tiff -- multiple integer overflows.
>    Reference:
>

Already fixed according to the CVS log (rev 1.9).

> => tiff -- RLE decoder heap overflows.
>    Reference:
>

Already fixed according to the CVS log (rev 1.9).

Rev. 1.10 was committed at 20050114.

Hello security team, is this an error in the vuln.xml document or is the
commit log of the port-Makefile misleading (and Suse is still vulnerable,
since they don't offer newer packages)?

Bye,
Alexander.

-- 
To boldly go where I surely don't belong.
http://www.Leidinger.net  Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7