Re: [PATCH 1/1] gnu: libtiff: Fix CVE-2016-{10092, 10093, 10094} and oth
From: Ludovic Courtès
Subject: Re: [PATCH 1/1] gnu: libtiff: Fix CVE-2016-{10092, 10093, 10094} and others.
Date: Tue, 10 Jan 2017 22:43:34 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Leo Famulari <address@hidden> wrote:

> * gnu/packages/patches/libtiff-CVE-2016-10092.patch,
> gnu/packages/patches/libtiff-CVE-2016-10093.patch,
> gnu/packages/patches/libtiff-CVE-2016-10094.patch,
> gnu/packages/patches/libtiff-assertion-failure.patch,
> gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch,
> gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch,
> gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch,
> gnu/packages/patches/libtiff-divide-by-zero.patch,
> gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch,
> gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch,
> gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch,
> gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch,
> gnu/packages/patches/libtiff-invalid-read.patch,
> gnu/packages/patches/libtiff-null-dereference.patch,
> gnu/packages/patches/libtiff-tiffcp-underflow.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.
> * gnu/packages/image.scm (libtiff)[replacement]: New field.
> (libtiff/fixed): New variable.

Impressive list (most from oss-sec on Jan. 1st, right?).

I skimmed over the patches; some are obvious, others much less, but I
didn’t notice anything suspicious. I’d say go for it.

Thanks *a lot* for taking the time to prepare this patch!

Ludo’.