Bug 12556 - (int-178734) libtiff: Various vulnerabilities (CVE)
Status: NEW
Product: Maemo 5 Community SSU
Component: general
Version: testing
Hardware: N900 Maemo
Importance: Unspecified major
Target Milestone: ---
Assigned To: unassigned
QA Contact: general
Keywords: security
Reported: 2012-01-21 18:55 UTC by Andre Klapper
Modified: 2012-08-10 15:31 UTC (History)
Description Andre Klapper (reporter) maemo.org 2012-01-21 18:55:20 UTC
SOFTWARE VERSION:
21.2011.38-1Tmaemo1.2 (17.01.2012)
libtiff4 1:3.8.2-11maemo5+0m5 as officially shipped

DESCRIPTION:
See
* https://www.redhat.com/security/data/cve/CVE-2006-2193.html
* https://www.redhat.com/security/data/cve/CVE-2009-2285.html
* https://www.redhat.com/security/data/cve/CVE-2009-2347.html
* https://www.redhat.com/security/data/cve/CVE-2010-2481.html
* https://www.redhat.com/security/data/cve/CVE-2010-2482.html
* https://www.redhat.com/security/data/cve/CVE-2010-4665.html
* https://www.redhat.com/security/data/cve/CVE-2011-0192.html
* https://www.redhat.com/security/data/cve/CVE-2011-1167.html
These only mention 3.9.0 and 3.9.2, so I'm not sure if they apply:
* https://www.redhat.com/security/data/cve/CVE-2010-2595.html
* https://www.redhat.com/security/data/cve/CVE-2010-2597.html
* https://www.redhat.com/security/data/cve/CVE-2010-3087.html

UPSTREAM REPORTS AND PATCHES:
* CVE-2006-2193: http://bugzilla.maptools.org/show_bug.cgi?id=1894
* CVE-2009-2285: http://bugzilla.maptools.org/show_bug.cgi?id=1985
* CVE-2009-2347: http://bugzilla.maptools.org/show_bug.cgi?id=2079
* CVE-2010-2481: http://bugzilla.maptools.org/show_bug.cgi?id=2210
* CVE-2010-2482: http://bugzilla.maptools.org/show_bug.cgi?id=1996#c13
* CVE-2010-4665: http://bugzilla.maptools.org/show_bug.cgi?id=2218
* CVE-2010-2595: http://bugzilla.maptools.org/show_bug.cgi?id=2208
* CVE-2010-2597: http://bugzilla.maptools.org/show_bug.cgi?id=2215
These only mention 3.9.0 and 3.9.2, so I'm not sure if they apply:
* CVE-2010-3087: http://bugzilla.maptools.org/show_bug.cgi?id=2140
* CVE-2011-0192: http://bugzilla.maptools.org/show_bug.cgi?id=2297#c7
* CVE-2011-1167: http://bugzilla.maptools.org/show_bug.cgi?id=2300

OTHER COMMENTS:
CVE-2009-5022, CVE-2010-2443 and CVE-2010-2596 do not apply as OJPEG_SUPPORT is disabled.
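The "does not apply because OJPEG_SUPPORT is disabled" reasoning above rests on a build-configuration check that is worth making reproducible. The script below is an added example, not part of this bug report, of the Maemo package, or of libtiff itself. It reads the `OJPEG_SUPPORT` setting from a libtiff build's generated `tiffconf.h`, pulls the version out of `tiffvers.h` (`TIFFLIB_VERSION_STR`, the string libtiff writes there), and from that lists which of the three OJPEG-only CVEs named in this report still apply. The header fragments it runs against are constructed for the example; on a real device point the functions at the headers shipped with the build (for instance under `/usr/include`).

```shell
#!/bin/sh
# Added example (not libtiff or Maemo code): decide whether the OJPEG-only
# libtiff CVEs apply to a given build by inspecting its generated headers.

# ojpeg_enabled TIFFCONF_H -> prints "yes" if OJPEG_SUPPORT is #defined,
# "no" otherwise. A disabled build carries the line "/* #undef OJPEG_SUPPORT */",
# which is a comment and therefore must not match.
ojpeg_enabled() {
    if grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+OJPEG_SUPPORT([[:space:]]|$)' "$1"; then
        echo yes
    else
        echo no
    fi
}

# libtiff_version TIFFVERS_H -> prints the dotted version from
# TIFFLIB_VERSION_STR, e.g. "3.8.2".
libtiff_version() {
    sed -n 's/^#define TIFFLIB_VERSION_STR "LIBTIFF, Version \([0-9.]*\).*/\1/p' "$1"
}

# ojpeg_cves TIFFCONF_H -> one CVE per line for the OJPEG-only issues this
# bug names; prints nothing when the codec is compiled out.
ojpeg_cves() {
    if [ "$(ojpeg_enabled "$1")" = yes ]; then
        printf '%s\n' CVE-2009-5022 CVE-2010-2443 CVE-2010-2596
    fi
}

# Constructed header fragments for the example (not copied from any build).
# The first mirrors a build with OJPEG compiled out, the second one with it on.
disabled_hdr=$(mktemp)
enabled_hdr=$(mktemp)
vers_hdr=$(mktemp)
cat > "$disabled_hdr" <<'EOF'
/* Support Old JPEG compression (read contrib/ojpeg/README first) */
/* #undef OJPEG_SUPPORT */
/* Support LZW algorithm */
#define LZW_SUPPORT 1
EOF
cat > "$enabled_hdr" <<'EOF'
#define OJPEG_SUPPORT 1
#define LZW_SUPPORT 1
EOF
cat > "$vers_hdr" <<'EOF'
#define TIFFLIB_VERSION_STR "LIBTIFF, Version 3.8.2\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc."
#define TIFFLIB_VERSION 20060323
EOF

echo "libtiff version: $(libtiff_version "$vers_hdr")"
echo "disabled build: OJPEG=$(ojpeg_enabled "$disabled_hdr") CVEs: $(ojpeg_cves "$disabled_hdr" | tr '\n' ' ')"
echo "enabled build:  OJPEG=$(ojpeg_enabled "$enabled_hdr") CVEs: $(ojpeg_cves "$enabled_hdr" | tr '\n' ' ')"
```

The regex deliberately anchors on a real `#define` at the start of the line so that the commented-out `#undef` form a configure-generated header uses for disabled features is not mistaken for an enabled one; the same pattern can be reused for any other `*_SUPPORT` switch (for example `JPEG_SUPPORT` or `ZIP_SUPPORT`) when triaging codec-specific CVEs against a custom build.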
Comment 1 Andre Klapper (reporter) maemo.org 2012-07-23 15:31:00 UTC
Plus libtiff 4.0.2 fixes CVE-2012-1173 (though maybe only 3.9.4 is affected?) and CVE-2012-2113, compared to 4.0.1.