Bug 147900 - grahics/tiff Fix Integer overflows
Summary: grahics/tiff Fix Integer overflows
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Dirk Meyer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-16 07:10 UTC by dirk.meyer
Modified: 2010-06-16 10:40 UTC (History)
0 users

See Also:


Attachments
file.diff (1.11 KB, patch)
2010-06-16 07:10 UTC, dirk.meyer
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description dirk.meyer 2010-06-16 07:10:03 UTC
	Fixes for CVE-2009-2347 in tiff2rgba
	Integer overflows in various inter-color space conversion tools

	http://www.remotesensing.org/libtiff/v3.9.4.html

	The code of the shared lib is not affected.
	Therefor the Fix is not urgent.

Fix: Impact: dependend packages will need a rfebuild,
	to have the new version number recorden in dependency.

	Please approve the patch below.
How-To-Repeat: 
	Update needs appoval from portmrg@
Comment 1 Dirk Meyer freebsd_committer 2010-06-16 07:59:29 UTC
Responsible Changed
From-To: freebsd-ports-bugs->portmgr

packagebuild for 8.1 affected
Comment 2 Pav Lucistnik freebsd_committer 2010-06-16 08:35:13 UTC
Responsible Changed
From-To: portmgr->dinoex

Slush haven't started yet, this does not need portmgr approval if committed before Friday noon
Comment 3 dfilter service freebsd_committer 2010-06-16 10:34:59 UTC
dinoex      2010-06-16 09:32:43 UTC

  FreeBSD ports repository

  Modified files:
    graphics/tiff        Makefile distinfo 
  Log:
  - Security update to 3.9.4 to fix tiff2rgba
  Security: http://www.remotesensing.org/libtiff/v3.9.4.html
  Security: http://www.ocert.org/advisories/ocert-2009-012.html
  Security: CVE-2009-2347
  PR:             147900
  
  Revision  Changes    Path
  1.76      +1 -1      ports/graphics/tiff/Makefile
  1.29      +3 -3      ports/graphics/tiff/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Dirk Meyer freebsd_committer 2010-06-16 10:36:39 UTC
State Changed
From-To: open->closed

committed, thanks.