[Secure-testing-commits] r32379 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Feb 21 12:43:23 UTC 2015
Author: jmm
Date: 2015-02-21 12:43:23 +0000 (Sat, 21 Feb 2015)
New Revision: 32379
Modified:
data/CVE/list
Log:
tiff NMUd
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-21 09:53:50 UTC (rev 32378)
+++ data/CVE/list 2015-02-21 12:43:23 UTC (rev 32379)
@@ -1577,7 +1577,7 @@
NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2014-9655 [access of uninitialized memory]
RESERVED
- - tiff <unfixed> (bug #777390)
+ - tiff 4.0.3-12.1 (bug #777390)
- tiff3 <removed>
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif
@@ -9600,7 +9600,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2483
CVE-2014-8129 [out-of-bound read and write]
RESERVED
- - tiff <unfixed> (bug #776185)
+ - tiff 4.0.3-12.1 (bug #776185)
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2487 (tiff2pdf)
@@ -9618,6 +9618,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2495 (tiff2pdf)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and tiffcmp) [not fixed yet in CVS HEAD]
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither) [not fixed yet in CVS HEAD]
+ NOTE: 4.0.3-12.1 fixes all issues except 2499 and 2501
CVE-2014-8127 [out-of-bound reads]
RESERVED
- tiff <unfixed> (bug #776185)
@@ -9629,6 +9630,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2496 (tiff2ps and tiffdither)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2497 (tiffmedian)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2500 (tiffset) [not fixed yet in CVS HEAD]
+ NOTE: 4.0.3-12.1 fixes all issues except 2500
CVE-2014-8126 [mailx invocation enables code execution as condor user]
RESERVED
{DSA-3149-1}
More information about the Secure-testing-commits
mailing list