oss-sec mailing list archives
Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Fri, 8 Apr 2016 13:28:35 -0700
That's a bug against Red Hat's distro - not the upstream libtiff project.
Did you not report these to libtiff upstream yet?

-alan-

On 04/ 8/16 12:00 AM, 王梅 wrote:
> Thanks for pointing out the mistake.
>
> CVE-2016-3619: https://bugzilla.redhat.com/show_bug.cgi?id=1316569
>
> On April 8, 2016, at 2:00 PM, Alan Coopersmith <alan.coopersmith () oracle com> wrote:
>
>> On 04/ 7/16 12:32 AM, 王梅 wrote:
>>> Details
>>> =======
>>>
>>> Product: libtiff
>>> Affected Versions: <= 4.0.6
>>> Vulnerability Type: Out-of-bounds Read
>>> Vendor URL: http://www.libtiff.org/
>>> CVE ID: CVE-2016-3619
>>> Credit: Mei Wang of the Cloud Security Team, Qihoo 360
>>>
>>> References:
>>> [1] http://www.remotesensing.org/libtiff/
>>> [2] http://bugzilla.maptools.org/buglist.cgi?product=libtiff
>>
>> Instead of pointing to a list of 305 bugs, please just provide a link to
>> the bug you filed for each issue so it's easier for distros to check the
>> progress of the fix.
>>
>> --
>> -Alan Coopersmith- alan.coopersmith () oracle com
>> Oracle Solaris Engineering - http://blogs.oracle.com/alanc