Date:      Sat, 26 Feb 2005 15:11:13 +0100
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        Ian Moore <no-spam@swiftdsl.com.au>
Cc:        security@freebsd.org
Subject:   Re: linux-tiff port update
Message-ID:  <20050226151113.00ec3099@Magellan.Leidinger.net>
In-Reply-To: <200502262248.16121.no-spam@swiftdsl.com.au>
References:  <200502191157.06108.no-spam@swiftdsl.com.au> <20050226124625.5a336b16@Magellan.Leidinger.net> <200502262248.16121.no-spam@swiftdsl.com.au>

On Sat, 26 Feb 2005 22:48:08 +1030
Ian Moore <no-spam@swiftdsl.com.au> wrote:

> For 3.6.1_1 (the current port):
> 
> ===>  linux-tiff-3.6.1_1 has known vulnerabilities:
> => tiff -- tiffdump integer overflow vulnerability.
>    Reference: 
> <http://www.FreeBSD.org/ports/portaudit/8f86d8b5-6025-11d9-a9e7-0001020eed82.html>

Already fixed according to the CVS log (rev 1.10).

> => tiff -- directory entry count integer overflow vulnerability.
>    Reference: 
> <http://www.FreeBSD.org/ports/portaudit/fc7e6a42-6012-11d9-a9e7-0001020eed82.html>

Already fixed according to the CVS log (rev 1.10).

> => tiff -- multiple integer overflows.
>    Reference: 
> <http://www.FreeBSD.org/ports/portaudit/3897a2f8-1d57-11d9-bc4a-000c41e2cdad.html>

Already fixed according to the CVS log (rev 1.9).

> => tiff -- RLE decoder heap overflows.
>    Reference: 
> <http://www.FreeBSD.org/ports/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>

Already fixed according to the CVS log (rev 1.9).


Rev. 1.10 was committed on 20050114.

Hello security team, is this an error in the vuln.xml document or is the
commit log of the port-Makefile misleading (and Suse is still
vulnerable, since they don't offer newer packages)?

Bye,
Alexander.

-- 
              To boldly go where I surely don't belong.

http://www.Leidinger.net                       Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7

