Mandriva issued this advisory on April 4: http://lists.mandriva.com/security-announce/2011-04/msg00006.php The other CVE was fixed in 3.9.5.
Hi, thanks for reporting this bug. As there is no maintainer for this package I added the committers in CC. (Please set the status to 'assigned' if you are working on it)
CC: (none) => fundawang, pterjan
Just a note that Mandriva shipped this patch with the libtiff 3.9.5 in Mandriva 2011.
pushed in the BS for updates_testing
CC: (none) => dmorganec
Assignee: bugsquad => qa-bugs
Tested on i586 by opening a TIFF file in the GIMP which uses libtiff. Looks good.
Tested complete the srpm libtiff-3.9.5-1.1.mga1.src.rpm on Mageia release 1 (Official) for x86_64, works too when I open a TIFF file with Gimp.
CC: (none) => geiger.david68210
Validating

Advisory
---------------
This update corrects CVE-2011-0191

Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0191
---------------

SRPM: libtiff-3.9.5-1.1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
update pushed
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED