[Secure-testing-commits] r23521 - data/CVE
Michael Gilbert
mgilbert at alioth.debian.org
Mon Sep 2 21:09:53 UTC 2013
Author: mgilbert
Date: 2013-09-02 21:09:52 +0000 (Mon, 02 Sep 2013)
New Revision: 23521
Modified:
data/CVE/list
Log:
CVE-2013-1961 also includes sprintf hardening, which is not yet fixed in tiff3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-02 20:47:11 UTC (rev 23520)
+++ data/CVE/list 2013-09-02 21:09:52 UTC (rev 23521)
@@ -9050,9 +9050,8 @@
CVE-2013-1961 (Stack-based buffer overflow in the t2p_write_pdf_page function in ...)
{DSA-2698-1}
- tiff 4.0.2-6+nmu1 (bug #706674)
- - tiff3 <not-affected> (bug #712840)
+ - tiff3 3.9.7-1 (bug #712840)
[wheezy] - tiff3 <no-dsa> (the changes that effect the library are just hardening, converting uses of sprintf to snprintf. those can be rolled into the next tiff3 update, but a separate dsa isn't needed)
- NOTE: The tiff3 package does not include tiff2pdf, so the issue does not applyto tiff3.
CVE-2013-1960 (Heap-based buffer overflow in the tp_process_jpeg_strip function in ...)
{DSA-2698-1}
- tiff 4.0.2-6+nmu1 (bug #706675)
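Review bot: The added line "- tiff3 3.9.7-1 (bug #712840)" in the CVE-2013-1961 entry records a fixed version, while the log message says the sprintf hardening is "not yet fixed in tiff3". If 3.9.7-1 does not already carry the snprintf conversion, "- tiff3 <unfixed> (bug #712840)" would match the log. If 3.9.7-1 is the upload that is expected to carry it, say so in the log. The removed NOTE also held the only statement that tiff3 does not include tiff2pdf, so consider keeping a reworded NOTE that the t2p_write_pdf_page overflow itself does not apply to tiff3 and only the library-side sprintf to snprintf hardening does. Otherwise the entry reads as if tiff3 were affected by the stack overflow in the description. Minor: in the [wheezy] line, "effect the library" should be "affect the library".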