[Bug 1011103] New: VUL-0: CVE-2016-9448: CVE-2016-9297 LibTIFF regression

http://bugzilla.opensuse.org/show_bug.cgi?id=1011103 Bug ID: 1011103 Summary: VUL-0: CVE-2016-9448: CVE-2016-9297 LibTIFF regression Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Reference: [1] http://seclists.org/oss-sec/2016/q4/460 [1] ================================================== CVE-2016-9297 vulnerability reported in http://bugzilla.maptools.org/show_bug.cgi?id=2590 had a regression, which is fixed in http://bugzilla.maptools.org/show_bug.cgi?id=2593 by Even Rouault. Fixed per 2016-11-16 Even Rouault * libtiff/tif_dirread.c: in TIFFFetchNormalTag(), do not dereference NULL pointer when values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are 0-byte arrays. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2593 (regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297). Reported by Henri Salo. /cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog new revision: 1.1163; previous revision: 1.1162 /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c new revision: 1.204; previous revision: 1.203 -- Henri Salo ================================================== [2] Initial report for CVE-2016-9297: https://bugzilla.opensuse.org/show_bug.cgi?id=1010161 -- You are receiving this mail because: You are on the CC list for the bug.