[Secure-testing-commits] r44239 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Aug 31 09:10:12 UTC 2016
Author: sectracker
Date: 2016-08-31 09:10:11 +0000 (Wed, 31 Aug 2016)
New Revision: 44239
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-31 08:39:55 UTC (rev 44238)
+++ data/CVE/list 2016-08-31 09:10:11 UTC (rev 44239)
@@ -3847,6 +3847,7 @@
RESERVED
CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog compression format]
RESERVED
+ {DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: Upstream fix: https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
@@ -4193,7 +4194,7 @@
TODO: check
CVE-2016-5844 [undefined behaviour (integer overflow) in iso parser]
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.1-1
NOTE: Upstream ticket: https://github.com/libarchive/libarchive/issues/717
NOTE: Upstream fix: https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22 (v3.2.1)
@@ -5497,6 +5498,7 @@
RESERVED
CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): NULL pointer dereference]
RESERVED
+ {DLA-606-1}
- tiff 4.0.6-2
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
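Review bot: On CVE-2016-5323 the added `{DLA-606-1}` sits directly above `[jessie] - tiff <no-dsa> (Minor issue)`, so the entry now records an advisory for one suite while jessie stays triaged as minor with no fix tracked. It is worth re-checking the jessie triage, or adding a NOTE that says how jessie is expected to pick the fix up, so that readers of this entry do not take the advisory reference as covering every suite.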
@@ -5505,6 +5507,7 @@
NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=659
CVE-2016-5322 [extractContigSamplesBytes: out-of-bounds read]
RESERVED
+ {DLA-606-1}
- tiff <unfixed>
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed> (unimportant)
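Review bot: CVE-2016-5322 gains `{DLA-606-1}` while the unstable line still reads `- tiff <unfixed>`, and no NOTE in this hunk points at the patch the advisory shipped. Suggest adding a NOTE with the reference to that patch so the same change can be tracked for `tiff` in unstable instead of leaving the entry with an advisory and no recorded fix.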
@@ -5513,6 +5516,7 @@
NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=658
CVE-2016-5321 [DumpModeDecode(): Ddos]
RESERVED
+ {DLA-606-1}
- tiff 4.0.6-2
- tiff3 <removed>
NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2
@@ -5520,17 +5524,20 @@
NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
CVE-2016-5320 [rgb2ycbcr: command excution]
RESERVED
+ {DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1
CVE-2016-5317 [GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image]
RESERVED
+ {DLA-606-1}
- tiff <unfixed>
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2557
NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=653
CVE-2016-5316 [tif_pixarlog.c: PixarLogCleanup() Segmentation fault]
RESERVED
+ {DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2556
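Review bot: Style point on the context lines of this hunk: the bracketed description of CVE-2016-5320 reads "command excution" and that of CVE-2016-5321 (previous hunk) reads "Ddos". These descriptions are what people grep for once an advisory references the entry, so a follow-up manual commit should correct them to "command execution" and "DoS". Also note that CVE-2016-5317 receives `{DLA-606-1}` while its only `tiff` line is `<unfixed>`; a NOTE naming the fix would make the entry self-explanatory.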
@@ -5538,6 +5545,7 @@
NOTE: Upstream fix https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
CVE-2016-5315 [tif_dir.c: setByteArray() Read access violation]
RESERVED
+ {DLA-606-1}
- tiff <unfixed>
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555
@@ -5546,6 +5554,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2
CVE-2016-5314 [PixarLogDecode() out-of-bound writes]
RESERVED
+ {DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554
@@ -5583,20 +5592,20 @@
NOTE: Fixed in 5.6.6, 5.5.22 and 5.4.38
CVE-2015-8934 [out of bounds heap read in RAR parser]
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.1-1
NOTE: https://github.com/libarchive/libarchive/issues/521
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/603454ec03040c29bd051fcc749e3c1433c11a8e (v3.2.1)
CVE-2015-8933 [undefined behaviour / signed integer overflow in archive_read_format_tar_skip()]
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/548
NOTE: https://github.com/libarchive/libarchive/issues/582
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3c7a6dc6694d9b26400d2bd672e04d09ed8a4276 (v3.1.900a)
CVE-2015-8932
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/547
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/f0b1dbbc325a2d922015eee402b72edd422cb9ea (v3.1.900a)
@@ -5606,14 +5615,14 @@
NOTE: to fix https://github.com/libarchive/libarchive/issues/356
CVE-2015-8931
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/539
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/b31744df71084a8734f97199e42418f55d08c6c5 (v3.1.900a)
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/c0c52e9aaafb0860c4151c5374372051e9354301 (v3.1.900a)
CVE-2015-8930
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/522
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/39fc59391b7cf2a007bffce280c1e3e66674258f (v3.1.900a)
@@ -5627,6 +5636,7 @@
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/d24e79e8f9547ae475a3a0c9516e079a14010838
CVE-2015-8928
RESERVED
+ {DSA-3657-1}
- libarchive 3.2.0-2
[wheezy] - libarchive <not-affected> (vulnerable code not present)
NOTE: https://github.com/libarchive/libarchive/issues/550
@@ -5640,49 +5650,49 @@
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/eff35d4
CVE-2015-8926
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/518
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/aab73938
CVE-2015-8925
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/516
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/1e18cbb71
CVE-2015-8924
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/515
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/bb9b157
CVE-2015-8923
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/514
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/9e0689c
CVE-2015-8922
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/513
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/d094dc
CVE-2015-8921
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/512
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/1cbc76f
CVE-2015-8920
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/511
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/97f964e
CVE-2015-8919
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/510
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/e8a2e4d
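Review bot: The "Fixed by" NOTE lines for CVE-2015-8926 through CVE-2015-8919 use abbreviated commit ids, down to six hex characters in `commit/d094dc` for CVE-2015-8922, whereas other libarchive entries in this same diff carry the full 40-character hash and the release tag. Now that DSA-3657-1 references these entries, suggest replacing the short ids with full hashes so the references stay unambiguous. These eight entries also have no bracketed description after the CVE id, which would be worth adding in the same follow-up.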
@@ -5694,12 +5704,13 @@
NOTE: https://github.com/libarchive/libarchive/issues/506
CVE-2015-8917
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/505
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/b2e2abb
CVE-2015-8916
RESERVED
+ {DSA-3657-1}
- libarchive 3.2.0-2
[wheezy] - libarchive <not-affected> (no segfault, not reproducible with reproducer)
NOTE: https://github.com/libarchive/libarchive/issues/504
@@ -7564,7 +7575,7 @@
NOTE: https://launchpad.net/bugs/1577558
CVE-2016-4809 [Memory allocate error with symbolic links in cpio archives]
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.1-1
NOTE: https://github.com/libarchive/libarchive/issues/705
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1)
@@ -9119,7 +9130,7 @@
NOTE: http://www.talosintel.com/reports/TALOS-2016-0164/
CVE-2016-4302 [Libarchive Rar RestartModel Heap Overflow]
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.1-1
NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
NOTE: http://www.talosintel.com/reports/TALOS-2016-0154/
@@ -9136,7 +9147,7 @@
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/ecdac4d50db0cf5a0c630ba077729aaa6c5a2dd2
CVE-2016-4300 [7-Zip read_SubStreamsInfo Integer Overflow]
RESERVED
- {DLA-554-1}
+ {DSA-3657-1 DLA-554-1}
- libarchive 3.2.1-1
NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
NOTE: http://www.talosintel.com/reports/TALOS-2016-0152/
@@ -10004,6 +10015,7 @@
RESERVED
CVE-2016-3991 [tiffcrop: out-of-bounds write in loadImage()]
RESERVED
+ {DLA-606-1}
- tiff <unfixed>
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed> (unimportant)
@@ -19216,9 +19228,11 @@
RESERVED
CVE-2016-1242
RESERVED
+ {DSA-3656-1}
- tryton-server 4.0.4-1
CVE-2016-1241
RESERVED
+ {DSA-3656-1}
- tryton-server 4.0.4-1
[wheezy] - tryton-server <not-affected> (password_hash field introduced in 3.2 series)
CVE-2016-1240
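Review bot: CVE-2016-1242 and CVE-2016-1241 are tagged `{DSA-3656-1}` but carry neither a bracketed description nor any NOTE with an upstream reference, so the entries do not say what was fixed in `tryton-server 4.0.4-1`. Suggest adding both. In addition, CVE-2016-1241 has an explicit `[wheezy] - tryton-server <not-affected>` line while CVE-2016-1242 has no wheezy line at all; if wheezy has been assessed for CVE-2016-1242 the result should be recorded here.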