Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Apr 2016 07:00:50 +0000
From: 鐜嬫 <wangmei@....cn>
To: Alan Coopersmith <alan.coopersmith@...cle.com>
CC: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the
 bmp2tiff tool

Thanks for pointing out the mistake. 

CVE-2016-3619: https://bugzilla.redhat.com/show_bug.cgi?id=1316569


> 在 2016年4月8日,下午2:00,Alan Coopersmith <alan.coopersmith@...cle.com> 写道:
> 
> On 04/ 7/16 12:32 AM, 王梅 wrote:
>> Details
>> =======
>> 
>> Product: libtiff
>> Affected Versions: <= 4.0.6
>> Vulnerability Type: Out-of-bounds Read
>> Vendor URL: http://www.libtiff.org/
>> CVE ID: CVE-2016-3619
>> Credit: Mei Wang of the Cloud Security Team, Qihoo 360
> 
>> References:
>> [1] http://www.remotesensing.org/libtiff/
>> [2] http://bugzilla.maptools.org/buglist.cgi?product=libtiff
> 
> Instead of pointing to a list of 305 bugs, please just provide a link to the bug
> you filed for each issue so it's easier for distros to check the progress of the
> fix.
> 
> -- 
> 	-Alan Coopersmith-              alan.coopersmith@...cle.com
> 	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ