Vulnerability roundup 51: libtiff-4.0.9 #49786

Closed
3 tasks
ckauhaus opened this issue Nov 5, 2018 · 4 comments
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one

ckauhaus commented Nov 5, 2018

libtiff-4.0.9: 3 advisories

search, files

@andir andir added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Nov 5, 2018
andrew-d added a commit to andrew-d/nixpkgs that referenced this issue Nov 7, 2018
This includes a bunch of security fixes (NixOS#49786), and mimics what Debian
has done in moving to a git snapshot instead of a released version +
backported security patches.
@ckauhaus

libtiff-4.0.10 has been released @andrew-d

Ekleog pushed a commit that referenced this issue Nov 28, 2018
This includes a bunch of security fixes (#49786), and mimics what Debian
has done in moving to a git snapshot instead of a released version +
backported security patches.

(cherry picked from commit 3137c60)

vcunat commented Jan 14, 2019

We have 4.0.10 in both active branches, but I've been unable to find a convincing claim that the update fixed (some of) these three CVEs. (They're tagged by == 4.0.9 on NVD, but I don't know...)

@ckauhaus

Version tags in the NVD are not always of high quality.

@ckauhaus

obsolete: 19.03 ships libtiff-4.0.10
