CLD-221 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-17973 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) libtiff
Deficiency Type SECURITY
Date Created 2018-01-10 14:56:59
Date Last Modified 2018-01-10 15:06:53

Version Specific Information:

Cucumber 1.0 i686 waiting for upstream to publish patch (we think)
Cucumber 1.0 x86_64 waiting for upstream to publish patch (we think)

Cucumber 1.1 i686 waiting for upstream to publish patch (we think)
Cucumber 1.1 x86_64 waiting for upstream to publish patch (we think)

Details:

Debian claims that libtiff version 4.0.9 is vulnerable to this vulnerability.
There are no other sources either confirming or denying this, so we will
proceed under the assumption that this is the case unless a reason not to
emerges.

As of Wed Jan 10 10:32:28 EST 2018, the version of libtiff in Cucumber Linux
1.0 and 1.1 is 4.0.9, so following our assumption both Cucumber Linux 1.0 and
1.1 are vulnerable.