| CARVIEW |
Select Language
HTTP/2 200
cache-control: max-age=600
content-type: text/html; charset=utf-8
etag: "0317ed39c74d3324795323a782da6c6b7dcf69a365300ee0bbb91b6b2d843e23"
expires: Sun, 18 Jan 2026 17:16:30 UTC
last-modified: Sun, 07 Jan 2024 22:08:04 GMT
vary: Origin
x-request-id: 01KF9153HNPKD8VA91R1AN37BS
content-length: 12316
date: Sun, 18 Jan 2026 17:06:30 GMT
FS#74772 : [libtiff] [security] CVE-2022-1354 CVE-2022-1355
FS#74772 - [libtiff] [security] CVE-2022-1354 CVE-2022-1355
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Monday, 16 May 2022, 17:20 GMT
Last edited by Antonio Rojas (arojas) - Sunday, 19 June 2022, 09:28 GMT
Opened by T.J. Townsend (blakkheim) - Monday, 16 May 2022, 17:20 GMT
Last edited by Antonio Rojas (arojas) - Sunday, 19 June 2022, 09:28 GMT
|
Details
Description:
The libtiff package is vulnerable to CVE-2022-1354 and CVE-2022-1355. The attached diff adds these two fixes as well as two segmentation fault fixes that are required for the second CVE diff to apply cleanly. Additional info: One of the diffs modifies a binary file, so the patch command will refuse to apply it. As a workaround, use "git apply" to apply them. Feel free to do something else if you have a better idea. 
libtiff.diff
(4.2 KiB)
|
This task depends upon
|
4.4.0rc1 was released two days ago with all of the currently missing fixes.