[Secure-testing-commits] r22640 - data/CVE

Michael Gilbert mgilbert at alioth.debian.org
Mon Jun 17 02:58:59 UTC 2013 

Author: mgilbert
Date: 2013-06-17 02:58:58 +0000 (Mon, 17 Jun 2013)
New Revision: 22640

Modified:
   data/CVE/list
Log:
tiff research

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-06-17 02:29:37 UTC (rev 22639)
+++ data/CVE/list	2013-06-17 02:58:58 UTC (rev 22640)
@@ -48890,10 +48890,10 @@
 CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, ...)
 	NOT-FOR-US: Solaris FTP server
 CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first ...)
-	- tiff <unfixed> (unimportant)
+	- tiff 4.0.2-1 (unimportant)
 CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly ...)
 	{DSA-2552-1}
-	- tiff <unfixed> (unimportant)
+	- tiff 4.0.2-1
 CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...)
 	NOT-FOR-US: Cisco
 CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...)
@@ -49022,15 +49022,15 @@
 	- mantis 1.1.8+dfsg-6 (low; bug #595510)
 	[lenny] - mantis 1.1.6+dfsg-2lenny2
 CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...)
-	- tiff <unfixed> (unimportant)
+	- tiff 3.9.4-1
 CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...)
 	{DSA-2552-1}
-	- tiff <unfixed> (unimportant)
+	- tiff 4.0.2-1
 CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...)
-	- tiff <unfixed> (unimportant)
+	- tiff 4.0.2-1 (unimportant)
 CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...)
 	{DSA-2552-1}
-	- tiff <unfixed> (unimportant)
+	- tiff 4.0.2-1
 CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, ...)
 	NOT-FOR-US: Microsoft PowerPoint
 CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows ...)
@@ -82453,8 +82453,7 @@
 CVE-2008-1587
 	RESERVED
 CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod ...)
-	- tiff <unfixed> (unimportant)
-	NOTE: application crashers are not considered security-relevant
+	NOT-FOR-US: Apple ImageIO
 CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...)

More information about the Secure-testing-commits mailing list