[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: swap links2 bug back, new elinks bug

On 2018-03-05 17:03:23, Brian May wrote:
> Antoine Beaupré <anarcat@debian.org> writes:
>
>> +tiff
>> +  NOTE: incomplete fix of CVE-2017-18013
>> +--
>
> Hello,
>
> Is there any information available as to why this was an incomplete fix?

This is a reference to CVE-2018-7456, which reads:

    A NULL Pointer Dereference occurs in the function TIFFPrintDirectory
    in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to
    print crafted TIFF information, a different vulnerability than
    CVE-2017-18013. (This affects an earlier part of the
    TIFFPrintDirectory function that was not addressed by the
    CVE-2017-18013 patch.)

https://security-tracker.debian.org/tracker/CVE-2018-7456

Does that answer your question?

A.

-- 
L'homme construit des maisons parce qu'il est vivant, mais il écrit des
livres parce qu'il se sait mortel.
                        - Daniel Pennac, Comme un roman
Reply to: