On 2018-03-05 17:03:23, Brian May wrote:
> Antoine Beaupré <anar...@debian.org> writes:
>
>> +tiff
>> + NOTE: incomplete fix of CVE-2017-18013
>> +--
>
> Hello,
>
> Is there any information available as to why this was an incomplete fix?

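Review bot: the NOTE line in the added tiff entry ("incomplete fix of CVE-2017-18013") does not say what remains unfixed, which is exactly what the follow-up question has to ask. Suggest having the note name the remaining issue directly, i.e. that it is tracked as CVE-2018-7456, so whoever picks up the package can find the outstanding problem from the entry alone.
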
This is a reference to CVE-2018-7456, which reads:

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)

https://security-tracker.debian.org/tracker/CVE-2018-7456

Does that answer your question?

A.

-- 
Man builds houses because he is alive, but he writes books because he knows he is mortal.
                        - Daniel Pennac, Comme un roman