Source: tiff
Version: 4.0.3-12
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerabilities were published for tiff.

CVE-2014-8127[0]:
various out-of-bound reads

CVE-2014-8128[1]:
various out-of-bounds write

CVE-2014-8129[2]:
various out-of-bound read and write

CVE-2014-8130[3]:
divide by zero

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Note that at the time of the advisory, for three of the reported issues, there was no fix in CVS HEAD yet. The individual bugs are also linked from the security-tracker.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8127
    http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
[1] https://security-tracker.debian.org/tracker/CVE-2014-8128
    http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
[2] https://security-tracker.debian.org/tracker/CVE-2014-8129
    http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
[3] https://security-tracker.debian.org/tracker/CVE-2014-8130
    http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
[4] http://www.openwall.com/lists/oss-security/2015/01/24/15

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

