[Secure-testing-commits] r33984 - data/CVE
Ben Hutchings
benh at moszumanska.debian.org
Thu Apr 30 20:58:11 UTC 2015
Author: benh
Date: 2015-04-30 20:58:11 +0000 (Thu, 30 Apr 2015)
New Revision: 33984
Modified:
data/CVE/list
Log:
Mark CVE-2014-812{8,9} as unfixed in tiff3
Although these issues were reported against the tools built from the
tiff source package, the underlying bugs are mostly in the library.
(At least, the fixes touch the library.) So tiff3 is still affected.
-- This line, and those below, will be ignored--
M data/CVE/list
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-30 18:16:46 UTC (rev 33983)
+++ data/CVE/list 2015-04-30 20:58:11 UTC (rev 33984)
@@ -14057,14 +14057,15 @@
CVE-2014-8129 [out-of-bound read and write]
RESERVED
- tiff 4.0.3-12.1 (bug #776185)
- - tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
+ - tiff3 <unfixed>
NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2487 (tiff2pdf)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2488 (tiff2pdf)
+ NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
CVE-2014-8128 [out-of-bounds write]
RESERVED
- tiff 4.0.3-12.3 (bug #776185)
- - tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
+ - tiff3 <unfixed>
NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2489 (thumbnail)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2490 (tiffdither)
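Review bot: The two new "- tiff3 <unfixed>" lines (CVE-2014-8129 and CVE-2014-8128) carry no bug reference, while the tiff lines directly above them cite bug #776185. Since the status flips from <not-affected> to open, a tracking bug for tiff3 on each of these lines would let the entry be followed to closure. The log message also hedges ("mostly in the library", "At least, the fixes touch the library"), so it would help to record which of the listed upstream fixes were checked against the tiff3 library code.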
@@ -14074,6 +14075,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2495 (tiff2pdf)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and tiffcmp) [not fixed yet in CVS HEAD]
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither)
+ NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
CVE-2014-8127 [out-of-bound reads]
RESERVED
- tiff <unfixed> (unimportant; bug #776185)
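Review bot: The NOTE added at the end of the CVE-2014-8128 block says "most of these bugs are in the library" without saying which ones. Every bugzilla NOTE in the block is tagged with a tool name (tiff2pdf, thumbnail, tiffcmp, tiffdither), so a reader cannot tell which fixes apply to tiff3. Naming the bug ids whose fixes touch library code, or the ones that are tool-only, would make the note actionable for whoever backports. The trailing context also shows CVE-2014-8127 under the same bug #776185; if its entry has a tiff3 <not-affected> line with the same "doesn't build the TIFF tools" rationale, it would need the same review.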