[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tiff / tiff3 / CVE-2015-7554 / CVE-2016-5318

On Thu, 15 Sep 2016, Brian May wrote:
> Salvatore Bonaccorso <carnil@debian.org> writes:
> 
> > Minor comment: if you are sure that those are duplicates you might try
> > to contact MITRE to made them aware.
> 
> I was just going based on what others have said, e.g. in the linked
> reports. Would hope that one of them has already contacted MITRE...

I added the comment that the issues were likely duplicate. Like I
explained on the upstream ticket, the crash is on the exact same line
so the problem is the same but maybe the reasons we get into the
problematic situation are different (this I don't know since I did not
trace the execution path to compare).

In any case I did not contact MITRE about this as I was not sure
if the underlying problem was the same (even though the crash is the
same).

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: