[Secure-testing-commits] r43240 - data/CVE

Henri Salo fgeek-guest at moszumanska.debian.org
Sat Jul 16 17:00:16 UTC 2016


Author: fgeek-guest
Date: 2016-07-16 17:00:16 +0000 (Sat, 16 Jul 2016)
New Revision: 43240

Modified:
   data/CVE/list
Log:
tiff multiple vulnerabilities fixed

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-16 15:14:19 UTC (rev 43239)
+++ data/CVE/list	2016-07-16 17:00:16 UTC (rev 43240)
@@ -127,7 +127,7 @@
 	NOTE: Different issue than CVE-2016-6132
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5
 CVE-2016-6223 [tiff: information leak in libtiff/tif_read.c]
-	- tiff <unfixed>
+	- tiff 4.0.6-2
 	- tiff3 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3
 CVE-2016-1000023
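Review bot: The CVE-2016-6223 line now claims `- tiff 4.0.6-2`, but the entry carries no bug reference and its only NOTE is the oss-security post, so nothing in the entry identifies the patch that 4.0.6-2 ships for the tif_read.c information leak. Add a NOTE pointing at the upstream fix or the Debian changelog entry so the fixed version can be verified later.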
@@ -922,7 +922,7 @@
 	RESERVED
 CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog compression format]
 	RESERVED
-	- tiff <unfixed> (bug #830700)
+	- tiff 4.0.6-2 (bug #830700)
 	- tiff3 <removed>
 	NOTE: Upstream fix: https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
 	NOTE: Duplicate with CVE-2016-5320 and CVE-2016-5314, cf.
@@ -2414,7 +2414,7 @@
 	RESERVED
 CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): NULL pointer dereference]
 	RESERVED
-	- tiff <unfixed>
+	- tiff 4.0.6-2
 	[jessie] - tiff <no-dsa> (Minor issue)
 	[wheezy] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
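Review bot: At CVE-2016-5323, unstable moves to 4.0.6-2 while the `[jessie]` and `[wheezy]` lines stay `<no-dsa> (Minor issue)`, and the visible lines give neither a bug number nor a fix reference. A NOTE naming the fixing patch would let the stable releases pick it up in a point update; without it the tracker only records that the version changed.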
@@ -2432,14 +2432,14 @@
 	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=658
 CVE-2016-5321 [DumpModeDecode(): Ddos]
 	RESERVED
-	- tiff <unfixed>
+	- tiff 4.0.6-2
 	- tiff3 <removed>
 	NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558
 	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
 CVE-2016-5320 [rgb2ycbcr: command excution]
 	RESERVED
-	- tiff <unfixed> (bug #830700)
+	- tiff 4.0.6-2 (bug #830700)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1
 CVE-2016-5317 [GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image]
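Review bot: In this hunk CVE-2016-5320 keeps `(bug #830700)` on its fixed line but CVE-2016-5321 gets a bare `- tiff 4.0.6-2`, and its "Upstream fix" NOTE points at a bugzilla comment (id=2558#c2) rather than a commit. If the DumpModeDecode() fix came in with the same upload, record where: add the bug reference or a NOTE with the commit, so the two entries are traceable in the same way.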
@@ -2450,7 +2450,7 @@
 	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=653
 CVE-2016-5316 [tif_pixarlog.c: PixarLogCleanup() Segmentation fault]
 	RESERVED
-	- tiff <unfixed> (bug #830700)
+	- tiff 4.0.6-2 (bug #830700)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2556
 	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=656
@@ -2465,7 +2465,7 @@
 	NOTE:  http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2
 CVE-2016-5314 [PixarLogDecode() out-of-bound writes]
 	RESERVED
-	- tiff <unfixed> (bug #830700)
+	- tiff 4.0.6-2 (bug #830700)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554
 	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=654
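Review bot: CVE-2016-5314 is marked fixed in 4.0.6-2, yet the NOTE lines visible here list only the bugzilla report and the reproducer, while the CVE-2016-5875 entry, which names this one as a duplicate, carries the upstream commit 391e77fcd217e78b2c51342ac3ddb7100ecacdd2. Repeat that "Upstream fix" NOTE here (and under CVE-2016-5320) so each duplicate entry stands on its own.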



