[Secure-testing-commits] r36919 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Wed Sep 30 14:15:16 UTC 2015
Author: hertzog
Date: 2015-09-30 14:15:15 +0000 (Wed, 30 Sep 2015)
New Revision: 36919
Modified:
data/CVE/list
Log:
Update data of tiff CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-30 13:32:35 UTC (rev 36918)
+++ data/CVE/list 2015-09-30 14:15:15 UTC (rev 36919)
@@ -206,8 +206,11 @@
CVE-2015-7313 [OOM when parsing crafted tiff files]
RESERVED
- tiff <unfixed> (bug #800124)
+ [squeeze] - tiff <not-affected> (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle zero strip size.")
- tiff3 <removed>
- NOTE: Can't reproduce the issue with test file at https://marc.info/?l=oss-security&m=144284777006804&q=p6 Mailed Gustavo Grieco to get more details. -- Raphael Hertzog
+ NOTE: Test file here: https://marc.info/?l=oss-security&m=144284777006804&q=p6
+ NOTE: Reproduce with "ltrace -e realloc tiffdither /tmp/oom.tif /dev/null"
+ NOTE: at the end you see "libtiff.so.5->realloc(0, 1636178024)"
CVE-2015-7311 [XSA-142]
RESERVED
- xen <unfixed>
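Review bot: the three added NOTE lines give a reproducer but do not say which release or tiff package version it was run on; the only hint is the soname in "libtiff.so.5->realloc(0, 1636178024)". The new [squeeze] entry marks that release not-affected because the file is rejected there, so consider naming the version that does reproduce and stating whether the squeeze check used the same tiffdither command, which would let the two results be compared directly. It would also help to say that /tmp/oom.tif is the test file from the marc.info link, and that the 1636178024-byte realloc is the allocation behind the OOM in the CVE title.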