[Secure-testing-commits] r46324 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Nov 18 16:07:33 UTC 2016


Author: jmm
Date: 2016-11-18 16:07:32 +0000 (Fri, 18 Nov 2016)
New Revision: 46324

Modified:
   data/CVE/list
Log:
tiff triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-18 15:52:05 UTC (rev 46323)
+++ data/CVE/list	2016-11-18 16:07:32 UTC (rev 46324)
@@ -1,6 +1,5 @@
 CVE-2016-XXXX [tiff2pdf: out-of-bounds write memcpy]
 	- tiff 4.0.6-3
-	[jessie] - tiff <no-dsa> (Minor issue)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
 	NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/11/18/4
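Review bot: The removed "[jessie] - tiff <no-dsa> (Minor issue)" line in this entry leaves jessie with no recorded triage decision for an issue titled as an out-of-bounds write, and the log message "tiff triage" does not say why. If the intent is to handle jessie through a DSA, a more specific log message or a NOTE in the entry would make that visible to whoever reads the tracker next.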
@@ -12997,12 +12996,12 @@
 CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): NULL pointer dereference]
 	RESERVED
 	{DLA-610-1 DLA-606-1}
-	- tiff 4.0.6-2
-	[jessie] - tiff <no-dsa> (Minor issue)
-	- tiff3 <removed>
+	- tiff 4.0.6-2 (unimportant)
+	- tiff3 <removed> (unimportant)
 	NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2559#c3
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2559
 	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=659
+	NOTE: No security impact, just a crash in a CLI tool
 CVE-2016-5322 [extractContigSamplesBytes: out-of-bounds read]
 	RESERVED
 	{DLA-610-1 DLA-606-1}
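Review bot: The new "NOTE: No security impact, just a crash in a CLI tool" on CVE-2016-5323 sits in an entry that still carries the {DLA-610-1 DLA-606-1} cross-reference, so the record now shows both published advisories and a "no security impact" assessment. A short addition to the NOTE saying the (unimportant) tag reflects the tiff and tiff3 assessment despite the earlier DLAs would keep the entry from reading as contradictory.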
@@ -18850,10 +18849,10 @@
 	NOTE: Upstream marked this duplicate of bug 2569
 CVE-2016-3623 (The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote ...)
 	{DLA-610-1}
-	- tiff 4.0.6-3
-	[wheezy] - tiff <no-dsa> (Minor issue)
-	- tiff3 <removed>
+	- tiff 4.0.6-3 (unimportant)
+	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2569
+	NOTE: No security impact, just triggers a crash in a CLI tool
 CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF ...)
 	- tiff <unfixed> (low; bug #820365)
 	[jessie] - tiff <no-dsa> (Minor issue)
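Review bot: The NOTE added to CVE-2016-3623 reads "just triggers a crash in a CLI tool" while the one added to CVE-2016-5323 in the previous hunk reads "just a crash in a CLI tool"; using the same wording for both makes these entries findable with a single search. The adjacent CVE-2016-3622 entry, also described as being in a tool (tiff2rgba), stays at "low" with a jessie <no-dsa> line, so it is worth confirming that the difference in treatment is deliberate.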



