File _patchinfo of Package patchinfo.10217
<patchinfo incident="10217">
<issue tracker="bnc" id="1146608">VUL-1: CVE-2019-14973: tiff: _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards</issue>
<issue tracker="bnc" id="1108606">VUL-1: CVE-2018-17000: tiff: NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction)</issue>
<issue tracker="bnc" id="1121626">VUL-1: CVE-2019-6128: tiff: The TIFFFdOpen function in tif_unix.c in LibTIFF has a memory leak</issue>
<issue id="1125113" tracker="bnc">VUL-1: CVE-2019-7663: tiff: An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c</issue>
<issue id="983268" tracker="bnc">VUL-1: CVE-2016-5102: tiff: gif2tiff: buffer overflow in readgifimage()</issue>
<issue tracker="cve" id="2018-17000"/>
<issue tracker="cve" id="2019-6128"/>
<issue tracker="cve" id="2019-7663"/>
<issue tracker="cve" id="2016-5102"/>
<issue tracker="cve" id="2019-14973"/>
<category>security</category>
<rating>moderate</rating>
<packager>pgajdos</packager>
<description>This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2019-14973: Fixed an improper check that depended on compiler behavior
and could have led to an integer overflow (bsc#1146608).
- CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268).
- CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).
- CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).
- CVE-2019-7663: Fixed an invalid address dereference in the
TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113).
</description>
<summary>Security update for tiff</summary>
</patchinfo>