Date: Fri, 8 Apr 2016 13:28:35 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the
 bmp2tiff tool

That's a bug against Red Hat's distro - not the upstream libtiff project.
Did you not report these to libtiff upstream yet?

	-alan-

On 04/ 8/16 12:00 AM, 王梅 wrote:
> Thanks for pointing out the mistake.
>
> CVE-2016-3619: https://bugzilla.redhat.com/show_bug.cgi?id=1316569
>
>
>> On April 8, 2016, at 2:00 PM, Alan Coopersmith <alan.coopersmith@...cle.com> wrote:
>>
>> On 04/ 7/16 12:32 AM, 王梅 wrote:
>>> Details
>>> =======
>>>
>>> Product: libtiff
>>> Affected Versions: <= 4.0.6
>>> Vulnerability Type: Out-of-bounds Read
>>> Vendor URL: http://www.libtiff.org/
>>> CVE ID: CVE-2016-3619
>>> Credit: Mei Wang of the Cloud Security Team, Qihoo 360
>>
>>> References:
>>> [1] http://www.remotesensing.org/libtiff/
>>> [2] http://bugzilla.maptools.org/buglist.cgi?product=libtiff
>>
>> Instead of pointing to a list of 305 bugs, please just provide a link to the bug
>> you filed for each issue so it's easier for distros to check the progress of the
>> fix.
>>
>> --
>> 	-Alan Coopersmith-              alan.coopersmith@...cle.com
>> 	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
>

