[Secure-testing-commits] r42535 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Jun 14 20:57:07 UTC 2016
Author: jmm
Date: 2016-06-14 20:57:07 +0000 (Tue, 14 Jun 2016)
New Revision: 42535
Modified:
data/CVE/list
Log:
swift N/a
clarify two tiff issues as affecting the lib
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-14 20:40:14 UTC (rev 42534)
+++ data/CVE/list 2016-06-14 20:57:07 UTC (rev 42535)
@@ -525,11 +525,11 @@
RESERVED
CVE-2014-9855
RESERVED
-CVE-2016-5319 [bmp2tiff: PackBitsEncode heap buffer overflow]
+CVE-2016-5319 [libtiff: PackBitsEncode heap buffer overflow]
RESERVED
- tiff <unfixed>
- tiff3 <removed>
-CVE-2016-5318 [thumbnail: stack buffer overflow in _TIFFVGetField function]
+CVE-2016-5318 [libtiff: stack buffer overflow in _TIFFVGetField function]
RESERVED
- tiff <unfixed>
- tiff3 <removed>
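Review bot: The retitled CVE-2016-5319 and CVE-2016-5318 lines drop the only record of which tool reproduces each issue (bmp2tiff, thumbnail). Both entries stay "- tiff <unfixed>" and carry no NOTE, so consider keeping the reproducer in a NOTE line under each entry, for example "NOTE: reproducible via bmp2tiff", so later triage can still see how the library bug was reached.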
@@ -13614,7 +13614,6 @@
NOTE: http://seclists.org/bugtraq/2015/Dec/138
NOTE: no fix published yet
NOTE: Red Hat say it's only OOB read: https://bugzilla.redhat.com/show_bug.cgi?id=1294425#c1
- TODO: check
CVE-2015-8683 (The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 ...)
{DSA-3467-1 DLA-402-1}
- tiff 4.0.6-1 (bug #809021)
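Review bot: The removed "TODO: check" in this hunk is not covered by the log message, and the entry still reads "NOTE: no fix published yet" next to the Red Hat out-of-bounds-read assessment without saying what the check concluded. Add a NOTE recording the outcome (for example whether the OOB-read assessment was confirmed) so the next reader does not have to repeat the check.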
@@ -14780,14 +14779,14 @@
NOTE: Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7&id=f8d0026c65fc8a55748ae481758e2cf376c26c86
CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...)
- swift 2.5.0-3 (bug #812984)
+ [jessie] - swift <not-affected> (Vulnerable code not present)
[wheezy] - swift <not-affected> (Vulnerable code not present)
NOTE: Swift: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0
- TODO: check
CVE-2016-0737 (OpenStack Object Storage (Swift) before 2.4.0 does not properly close ...)
- swift 2.4.0-1
+ [jessie] - swift <not-affected> (Vulnerable code not present)
[wheezy] - swift <not-affected> (Vulnerable code not present)
NOTE: Swift: >=2.2.1 <= 2.3.0
- TODO: check, not exaclty clear if it really only was introduced in 2.2.1
CVE-2016-0736
RESERVED
CVE-2016-0735 (Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to ...)
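Review bot: For CVE-2016-0737 the removed TODO said it was not clear whether the flaw really was only introduced in 2.2.1, yet the new "[jessie] - swift <not-affected> (Vulnerable code not present)" line depends on exactly that lower bound. Record how the question was settled in a NOTE (the upstream change that introduced the code, or the jessie source that was inspected), and do the same for CVE-2016-0738, whose affected range in the NOTE starts at the same 2.2.1.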