[Secure-testing-commits] r23520 - data/CVE
Arne Wichmann
aw-guest at alioth.debian.org
Mon Sep 2 20:47:12 UTC 2013
Author: aw-guest
Date: 2013-09-02 20:47:11 +0000 (Mon, 02 Sep 2013)
New Revision: 23520
Modified:
data/CVE/list
Log:
CVE-2013-1961 - tiff3 not affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-02 14:42:20 UTC (rev 23519)
+++ data/CVE/list 2013-09-02 20:47:11 UTC (rev 23520)
@@ -9050,8 +9050,9 @@
CVE-2013-1961 (Stack-based buffer overflow in the t2p_write_pdf_page function in ...)
{DSA-2698-1}
- tiff 4.0.2-6+nmu1 (bug #706674)
- - tiff3 3.9.7-1 (bug #712840)
+ - tiff3 <not-affected> (bug #712840)
[wheezy] - tiff3 <no-dsa> (the changes that effect the library are just hardening, converting uses of sprintf to snprintf. those can be rolled into the next tiff3 update, but a separate dsa isn't needed)
+ NOTE: The tiff3 package does not include tiff2pdf, so the issue does not applyto tiff3.
CVE-2013-1960 (Heap-based buffer overflow in the tp_process_jpeg_strip function in ...)
{DSA-2698-1}
- tiff 4.0.2-6+nmu1 (bug #706675)
More information about the Secure-testing-commits
mailing list