[Secure-testing-commits] r34429 - in data: CVE DLA
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri May 22 13:04:03 UTC 2015
Author: hertzog
Date: 2015-05-22 13:04:03 +0000 (Fri, 22 May 2015)
New Revision: 34429
Modified:
data/CVE/list
data/DLA/list
Log:
Mark CVE-2015-1547 fixed by DLA-221-1 on tiff
Assuming that the comment in
https://bugzilla.redhat.com/show_bug.cgi?id=1190709#c3 is correct,
the fix is in the patch included for CVE-2014-9655.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-22 10:48:19 UTC (rev 34428)
+++ data/CVE/list 2015-05-22 13:04:03 UTC (rev 34429)
@@ -7109,6 +7109,8 @@
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
NOTE: fix in https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1547
NOTE: is applied in 4.0.3-13 (but please recheck this)
+ NOTE: Raphael Hertzog> I could not find a way to reliably use the above reproducer. No segfault. And valgrind on "xloadimage" spits lots of warnings about use of uninitialized values with a good file and with the reproducer.
+ NOTE: Still this CVE has been added to DLA-221-1 because the patch used for CVE-2014-9655 seems to include the fix for this CVE.
CVE-2015-1482 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to ...)
NOT-FOR-US: Ansible Tower
CVE-2015-1481 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization ...)
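Review bot: The second added NOTE under CVE-2015-1547 says the CVE-2014-9655 patch "seems to include the fix" but does not cite the source for that inference. The commit log names https://bugzilla.redhat.com/show_bug.cgi?id=1190709#c3 as the basis, and that URL should appear in the NOTE itself so the tracker entry stands without the commit history. The first added NOTE reports valgrind warnings on both a good file and the reproducer, so the reproducer did not confirm the fix either way; saying so explicitly (for example "fix not verified with reproducer") would help whoever follows up on the existing "please recheck this" line.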
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2015-05-22 10:48:19 UTC (rev 34428)
+++ data/DLA/list 2015-05-22 13:04:03 UTC (rev 34429)
@@ -11,7 +11,7 @@
{CVE-2012-5783 CVE-2012-6153 CVE-2014-3577}
[squeeze] - commons-httpclient 3.1-9+deb6u1
[16 May 2015] DLA-221-1 tiff - security update
- {CVE-2014-8128 CVE-2014-8129 CVE-2014-9330 CVE-2014-9655}
+ {CVE-2014-8128 CVE-2014-8129 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547}
[squeeze] - tiff 3.9.4-5+squeeze12
[15 May 2015] DLA-220-1 dpkg - security update
{CVE-2015-0840}
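Review bot: Adding CVE-2015-1547 to the DLA-221-1 list on the "+" line asserts that tiff 3.9.4-5+squeeze12 fixes it, while the commit log and the CVE/list notes describe this as an assumption that was not confirmed with the reproducer. Consider checking the squeeze12 source for the relevant change from the CVE-2014-9655 patch before recording it here, since nothing in this DLA/list entry marks the addition as tentative.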