libtiff: Multiple Security Vulnerabilities on current 4.4.0 #4616

Open
CamberLoid opened this issue Jul 10, 2023 · 0 comments
Labels: 0day (Topic/issue involves a 0-day security issue and must be addressed immediately); security (Topic/issue involves a security issue/fixed)


CamberLoid commented Jul 10, 2023

CVE IDs

CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-48281, CVE-2023-30775, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-30774, CVE-2023-30775

Other security advisory IDs

Debian:

Description

Affected packages:

  • libtiff: 4.4.0 + patchset
  • libtiff+32

Severity

High, potential 0-day (CVE-2022-3970)

Patches

Update to 4.5.1

PoC(s)

See original bug reports.

@CamberLoid CamberLoid added security Topic/issue involves a security issue/fixed 0day Topic/issue involves a 0-day security issue and must be addressed immediately 2023h1 labels Jul 10, 2023
@CamberLoid CamberLoid self-assigned this Jul 10, 2023
@CamberLoid CamberLoid added this to the Semi-Annually Security Survey 2023H1 milestone Jul 10, 2023
CamberLoid added a commit that referenced this issue Jul 11, 2023
* Switch to cmakeninja, which is faster than GNU autotools;
* Drop upstream-merged patches;
* sover bumped and breaks API. Massive rebuilds required.

Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue Jul 11, 2023
CamberLoid added a commit that referenced this issue Jul 11, 2023
CamberLoid added a commit that referenced this issue Jul 26, 2023
CamberLoid added a commit that referenced this issue Aug 11, 2023
CamberLoid added a commit that referenced this issue Aug 15, 2023
CamberLoid added a commit that referenced this issue Sep 17, 2023
jiegec pushed a commit that referenced this issue Feb 27, 2024
@MingcongBai MingcongBai removed this from the Semi-Annually Security Survey 2023H1 milestone Mar 4, 2024
@MingcongBai MingcongBai removed the 2023h1 label Mar 7, 2024
jiegec pushed a commit that referenced this issue Apr 4, 2024
* Drop upstream-merged patches;
* sover bumped and breaks API. Massive rebuilds required.

Signed-off-by: Camber Huang <camber@poi.science>
jiegec pushed a commit that referenced this issue Apr 5, 2024
jiegec pushed a commit that referenced this issue Apr 13, 2024
jiegec pushed a commit that referenced this issue Apr 25, 2024
jiegec pushed a commit that referenced this issue May 7, 2024