24748 – libtiff possible security issue CVE-2016-5102

Bug 24748 - libtiff possible security issue CVE-2016-5102

Summary: libtiff possible security issue CVE-2016-5102

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Nicolas Salguero
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-05-03 20:31 CEST by David Walser
Modified:	2019-05-06 12:21 CEST (History)
CC List:	0 users

See Also:
Source RPM:	libtiff-4.0.10-1.git20190219.1.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-05-03 20:31:19 CEST

SUSE has issued an advisory on April 1:
http://lists.suse.com/pipermail/sle-security-updates/2019-April/005277.html

I'm not sure when or if the fix was included upstream, but the fix is in:
https://bugzilla.suse.com/show_bug.cgi?id=983268

Comment 1 Nicolas Salguero 2019-05-06 12:21:55 CEST

Hi,

CVE-2016-5102 is an issue in "gif2tiff" tool which was removed from libtiff in version 4.0.7 so Mageia 6 is not affected.

Best regards,

Nico.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.