jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7e5f30e3e3
cvrf2cusa/cvrf/2022/cvrf-openEuler-SA-2022-2020.xml

315 lines
19 KiB
XML
Raw Normal View History

增加测试用的配置和目录 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-02 07:51:55 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2022-2020</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2022-10-28</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2022-10-28</InitialReleaseDate>
<CurrentReleaseDate>2022-10-28</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2022-10-28</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">libtiff security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">This libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff library.
Security Fix(es):
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact(CVE-2022-3570)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3597)
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.(CVE-2022-3599)
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.(CVE-2022-3598)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3626)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.(CVE-2022-3627)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for libtiff is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Critical</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">libtiff</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3570</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3597</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3599</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3598</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3626</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3627</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-3570</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-3597</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-3599</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-3598</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-3626</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-3627</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="libtiff-debuginfo-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-debuginfo-4.3.0-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debugsource-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-debugsource-4.3.0-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-4.3.0-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-devel-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-devel-4.3.0-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debuginfo-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-debuginfo-4.3.0-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-4.3.0-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debugsource-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-debugsource-4.3.0-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-devel-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-devel-4.3.0-6.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debugsource-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-debugsource-4.3.0-20.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-static-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-static-4.3.0-20.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-tools-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-tools-4.3.0-20.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-4.3.0-20.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-devel-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-devel-4.3.0-20.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debuginfo-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-debuginfo-4.3.0-20.oe2203.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="libtiff-help-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-help-4.3.0-6.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="libtiff-help-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-help-4.3.0-6.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="libtiff-help-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-help-4.3.0-20.oe2203.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="libtiff-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-4.3.0-6.oe1.src.rpm</FullProductName>
<FullProductName ProductID="libtiff-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-4.3.0-6.oe1.src.rpm</FullProductName>
<FullProductName ProductID="libtiff-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-4.3.0-20.oe2203.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="libtiff-debuginfo-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-debuginfo-4.3.0-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-4.3.0-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debugsource-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-debugsource-4.3.0-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-devel-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libtiff-devel-4.3.0-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debuginfo-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-debuginfo-4.3.0-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-devel-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-devel-4.3.0-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debugsource-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-debugsource-4.3.0-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-4.3.0-6" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libtiff-4.3.0-6.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-static-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-static-4.3.0-20.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-tools-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-tools-4.3.0-20.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-4.3.0-20.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-devel-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-devel-4.3.0-20.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debuginfo-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-debuginfo-4.3.0-20.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libtiff-debugsource-4.3.0-20" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libtiff-debugsource-4.3.0-20.oe2203.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact</Note>
</Notes>
<ReleaseDate>2022-10-28</ReleaseDate>
<CVE>CVE-2022-3570</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Critical</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>9.8</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>libtiff security update</Description>
<DATE>2022-10-28</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.</Note>
</Notes>
<ReleaseDate>2022-10-28</ReleaseDate>
<CVE>CVE-2022-3597</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.5</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>libtiff security update</Description>
<DATE>2022-10-28</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.</Note>
</Notes>
<ReleaseDate>2022-10-28</ReleaseDate>
<CVE>CVE-2022-3599</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.5</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>libtiff security update</Description>
<DATE>2022-10-28</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.</Note>
</Notes>
<ReleaseDate>2022-10-28</ReleaseDate>
<CVE>CVE-2022-3598</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.5</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>libtiff security update</Description>
<DATE>2022-10-28</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.</Note>
</Notes>
<ReleaseDate>2022-10-28</ReleaseDate>
<CVE>CVE-2022-3626</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.5</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>libtiff security update</Description>
<DATE>2022-10-28</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="6" xml:lang="en">LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.</Note>
</Notes>
<ReleaseDate>2022-10-28</ReleaseDate>
<CVE>CVE-2022-3627</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.5</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>libtiff security update</Description>
<DATE>2022-10-28</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2020</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue Copy Permalink