205923 – graphics/tiff: Add patches for CVE-2015-8665, CVE-2015-8683 and other vulnerabilities

Bug 205923 - graphics/tiff: Add patches for CVE-2015-8665, CVE-2015-8683 and other vulnerabilities

Summary: graphics/tiff: Add patches for CVE-2015-8665, CVE-2015-8683 and other vulnera...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Raphael Kubo da Costa

URL:
Keywords:	security

Depends on:
Blocks:

Reported:	2016-01-05 14:34 UTC by Raphael Kubo da Costa
Modified:	2016-01-05 15:07 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	antoine: maintainer-feedback+ rakuco: merge-quarterly+

Attachments
Proposed patch (13.52 KB, patch) 2016-01-05 14:34 UTC, Raphael Kubo da Costa	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Raphael Kubo da Costa freebsd_committer

2016-01-05 14:34:53 UTC

Created attachment 165108 [details]
Proposed patch

The attached patch contains fixes (obtained from libtiff's CVS repository) fixing CVE-2015-8665, CVE-2015-8683 and some out-of-bounds vulnerabilities with no corresponding CVEs. Debian is also shipping these changes.

Comment 1 Antoine Brodin freebsd_committer

2016-01-05 14:52:27 UTC

looks good

Comment 2 commit-hook freebsd_committer

2016-01-05 15:05:35 UTC

A commit references this bug:

Author: rakuco
Date: Tue Jan  5 15:04:58 UTC 2016
New revision: 405294
URL: https://svnweb.freebsd.org/changeset/ports/405294

Log:
  Add fixes for CVE-2015-8665, CVE-2015-8683 and other vulnerabilities.

  Besides fixing the two CVEs mentioned above, this change also pulls two
  other commits from libtiff upstream fixing other out-of-bounds reads that do
  not have corresponding CVEs and were reported directly in libtiff's bug
  tracker.

  PR:		205923
  Approved by:	portmgr (antoine)
  Obtained from:	libtiff CVS repository
  Security:	b65e4914-b3bc-11e5-8255-5453ed2e2b49
  Security:	bd349f7a-b3b9-11e5-8255-5453ed2e2b49

Changes:
  head/graphics/tiff/Makefile
  head/graphics/tiff/files/patch-CVE-2015-8665_8683
  head/graphics/tiff/files/patch-libtiff_tif__luv.c
  head/graphics/tiff/files/patch-libtiff_tif__next.c

Comment 3 commit-hook freebsd_committer

2016-01-05 15:06:37 UTC

A commit references this bug:

Author: rakuco
Date: Tue Jan  5 15:06:08 UTC 2016
New revision: 405295
URL: https://svnweb.freebsd.org/changeset/ports/405295

Log:
  MFH: r405294

  Add fixes for CVE-2015-8665, CVE-2015-8683 and other vulnerabilities.

  Besides fixing the two CVEs mentioned above, this change also pulls two
  other commits from libtiff upstream fixing other out-of-bounds reads that do
  not have corresponding CVEs and were reported directly in libtiff's bug
  tracker.

  PR:		205923
  Approved by:	portmgr (antoine)
  Obtained from:	libtiff CVS repository
  Security:	b65e4914-b3bc-11e5-8255-5453ed2e2b49
  Security:	bd349f7a-b3b9-11e5-8255-5453ed2e2b49

  Approved by:	portmgr blanket

Changes:
_U  branches/2016Q1/
  branches/2016Q1/graphics/tiff/Makefile
  branches/2016Q1/graphics/tiff/files/patch-CVE-2015-8665_8683
  branches/2016Q1/graphics/tiff/files/patch-libtiff_tif__luv.c
  branches/2016Q1/graphics/tiff/files/patch-libtiff_tif__next.c