.. follow up of 20190212073152.ga2...@behemoth.owl.eu.com.local otherwise tests went fine.
one more comment: > + * Non-maintainer upload by the LTS Team. > + * Fix CVE-2018-19210: NULL pointer dereference > + There is a NULL pointer dereference in the TIFFWriteDirectorySec function > + in tif_dirwrite.c that will lead to a denial of service attack, as > + demonstrated by tiffset. > + * Fix CVE-2018-17000: NULL pointer dereference > + A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c > (called > + from TIFFWriteDirectoryTagTransferfunction) allows an attacker > + to cause a denial-of-service through a crafted tiff file. This > vulnerability > + can be triggered by the executable tiffcp. This patch is actually the one for CVE-2019-7663, which happens to also fix CVE-2018-17000 (not confirmed by upstream yet?). I suggest to mention CVE-2019-7663 here. :) thanks! Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Description: PGP signature