Date: Fri, 8 Apr 2016 13:28:35 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool

That's a bug against Red Hat's distro - not the upstream libtiff project.
Did you not report these to libtiff upstream yet?

-alan-

On 04/ 8/16 12:00 AM, 王梅 wrote:
> Thanks for pointing out the mistake.
>
> CVE-2016-3619: https://bugzilla.redhat.com/show_bug.cgi?id=1316569
>
>
>> On April 8, 2016, at 2:00 PM, Alan Coopersmith <alan.coopersmith@...cle.com> wrote:
>>
>> On 04/ 7/16 12:32 AM, 王梅 wrote:
>>> Details
>>> =======
>>>
>>> Product: libtiff
>>> Affected Versions: <= 4.0.6
>>> Vulnerability Type: Out-of-bounds Read
>>> Vendor URL: http://www.libtiff.org/
>>> CVE ID: CVE-2016-3619
>>> Credit: Mei Wang of the Cloud Security Team, Qihoo 360
>>
>>> References:
>>> http://www.remotesensing.org/libtiff/
>>> http://bugzilla.maptools.org/buglist.cgi?product=libtiff
>>
>> Instead of pointing to a list of 305 bugs, please just provide a link to the bug
>> you filed for each issue so it's easier for distros to check the progress of the
>> fix.
>>
>> --
>> -Alan Coopersmith- alan.coopersmith@...cle.com
>> Oracle Solaris Engineering - http://blogs.oracle.com/alanc
>