Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: swap links2 bug back, new elinks bug
On 2018-03-05 17:03:23, Brian May wrote:
> Antoine Beaupré <anarcat@debian.org> writes:
>
>> +tiff
>> + NOTE: incomplete fix of CVE-2017-18013
>> +--
>
> Hello,
>
> Is there any information available as to why this was an incomplete fix?
This is a reference to CVE-2018-7456, which reads:
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory
in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to
print crafted TIFF information, a different vulnerability than
CVE-2017-18013. (This affects an earlier part of the
TIFFPrintDirectory function that was not addressed by the
CVE-2017-18013 patch.)
https://security-tracker.debian.org/tracker/CVE-2018-7456
Does that answer your question?
A.
--
L'homme construit des maisons parce qu'il est vivant, mais il écrit des
livres parce qu'il se sait mortel.
- Daniel Pennac, Comme un roman
Reply to: