Bug 147811 - grahics/tiff FAX3 decoder buffer overrun
Summary: grahics/tiff FAX3 decoder buffer overrun
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Dirk Meyer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-12 13:20 UTC by dirk.meyer
Modified: 2010-06-12 17:50 UTC (History)
0 users

See Also:

Attachments
file.diff (1.38 KB, patch)
2010-06-12 13:20 UTC, dirk.meyer 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description dirk.meyer 2010-06-12 13:20:02 UTC 
	Fixes for CVE-2010-1411.
	The first released patchset does not solve the problem.

	http://www.remotesensing.org/libtiff/v3.9.3.html

Fix: Please approve the patch below.
How-To-Repeat: 
	Update needs appoval from portmrg@
Comment 1 Dirk Meyer freebsd_committer freebsd_triage 2010-06-12 13:23:39 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->portmgr

needs approoval
Comment 2 Ion-Mihai "IOnut" Tetcu freebsd_committer freebsd_triage 2010-06-12 16:44:26 UTC 
Responsible Changed
From-To: portmgr->dinoex

Please add a VuXMl antry and then please commit.
Comment 3 dfilter service freebsd_committer freebsd_triage 2010-06-12 17:46:09 UTC 
dinoex      2010-06-12 16:45:42 UTC

  FreeBSD ports repository

  Modified files:
    graphics/tiff        Makefile distinfo 
  Log:
  - Security update to 3.8.3
  Security: CVE-2010-1411
  PR:             147811
  
  Revision  Changes    Path
  1.75      +1 -4      ports/graphics/tiff/Makefile
  1.28      +3 -3      ports/graphics/tiff/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Dirk Meyer freebsd_committer freebsd_triage 2010-06-12 17:46:16 UTC 
State Changed
From-To: open->closed

committed, thanks.