Security: Security bug in libtiff 4.0.6 |
||||||
Issue descriptionPDFium's libtiff is 4.0.6, which has the same issue as ChromeOS': https://bugs.chromium.org/p/chromium/issues/detail?id=689931 I'm calling this Security_Severity-Medium out of an abundance of caution: Maybe it's more than a NULL deref? Feel free to downgrade it as appropriate.
,
Feb 8 2017
,
Feb 8 2017
We use TIFF in XFA only which is not enabled for any branch of Chromium.
,
Feb 8 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a5c3798ee2de14fb39c3bde92015c4ee7081c2b2 commit a5c3798ee2de14fb39c3bde92015c4ee7081c2b2 Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org> Date: Wed Feb 08 23:06:41 2017 Roll src/third_party/pdfium/ 0fc185ea8..ac2e04797 (1 commit). https://pdfium.googlesource.com/pdfium.git/+log/0fc185ea8a3a..ac2e04797b25 $ git log 0fc185ea8..ac2e04797 --date=short --no-merges --format='%ad %ae %s' 2017-02-08 npm Libtiff upstream fix for TIFFFetchNormalTag Created with: roll-dep src/third_party/pdfium BUG= 690124 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls TBR=dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2688603002 Cr-Commit-Position: refs/heads/master@{#449125} [modify] https://crrev.com/a5c3798ee2de14fb39c3bde92015c4ee7081c2b2/DEPS
,
Feb 8 2017
,
Feb 9 2017
,
Feb 9 2017
For the record: https://bugs.chromium.org/p/chromium/issues/detail?id=690404
,
Feb 9 2017
If #7 was directed to me: I don't have access to that bug.
,
Feb 9 2017
#8: I added you and dsinclair.
,
May 18 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by palmer@chromium.org
, Feb 8 2017