Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:

> 3.8.0 seems to have introduced two regressions that have DoS potential:
>
> | The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0
> | allows remote attackers to cause a denial of service (application
> | crash) via a crafted TIFF image that triggers a NULL pointer
> | dereference, possibly due to changes in type declarations and/or
> | the TIFFVSetField function.
>
> http://bugzilla.remotesensing.org/show_bug.cgi?id=1029
> http://bugzilla.remotesensing.org/show_bug.cgi?id=1034
>
> oldstable and stable do not seem to be affected, can you please verify/
> confirm?
>
> This is CVE-2006-0405, please mention it in the changelog when fixing it.

As far as I can tell, a satisfactory patch has not been attached to
one of these bug reports.  The patches that are included there all
seem to have later been demonstrated to cause other problems, and none
of them have been blessed by the upstream maintainers.

For now, I have subscribed myself to the two bugs in upstream's
bugzilla so I can monitor this and include a patch into the Debian
package as soon as one is generated.  I may even be able to study the
problem myself, but not before the weekend.

Please let me know if you feel that there's something else I should do
beyond this.  If you think this problem is significant enough to
prevent tiff from migrating to testing, the severity can be updated to
serious, but either way, I'll keep watching the issue and upload a
fixed version as soon as a fix is available.  Thanks for the report.

-- 
Jay Berkenbilt <[EMAIL PROTECTED]>

