[Secure-testing-commits] r46348 - data/CVE

László Böszörményi gcs at moszumanska.debian.org
Sun Nov 20 14:25:41 UTC 2016


Author: gcs
Date: 2016-11-20 14:25:41 +0000 (Sun, 20 Nov 2016)
New Revision: 46348

Modified:
   data/CVE/list
Log:
Update CVEs for src:tiff


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-20 10:45:26 UTC (rev 46347)
+++ data/CVE/list	2016-11-20 14:25:41 UTC (rev 46348)
@@ -1,5 +1,5 @@
 CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag]
-	- tiff <unfixed>
+	- tiff 4.0.7-1
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
 	NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297
 CVE-2016-9421
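Review bot: On the CVE-2016-9448 entry, the NOTE says the bug is a regression from the 2016-11-11 fix for CVE-2016-9297, yet this commit closes both at the same version, 4.0.7-1. Worth confirming that 4.0.7-1 carries the follow-up fix as well as the original one, and recording the fixing upstream change in a NOTE next to the bugzilla link so the version can be re-checked later.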
@@ -560,7 +560,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
 CVE-2016-9297 [libtiff/tif_dirread.c read outside buffer in _TIFFPrintField()]
 	RESERVED
-	- tiff <unfixed> (bug #844226)
+	- tiff 4.0.7-1 (bug #844226)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
 CVE-2016-XXXX [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
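Review bot: The CVE-2016-9297 entry carries no pointer to CVE-2016-9448, although the CVE-2016-9448 entry at the top of the file names this fix as the source of its regression. A NOTE here referring to CVE-2016-9448 would warn anyone backporting the 9297 fix on its own.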
@@ -598,7 +598,7 @@
 	NOTE: Same commit as for CVE-2016-9276. Needs the dwarf_macro5.c part of the commit.
 CVE-2016-9273 [libtiff heap overflow]
 	RESERVED
-	- tiff <unfixed> (bug #844013)
+	- tiff 4.0.7-1 (bug #844013)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/09/20
 CVE-2016-9261
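Review bot: The CVE-2016-9273 entry is closed with only "[libtiff heap overflow]" as its description, which does not say which function or tool is affected. Since the entry is being touched anyway, consider tightening the bracketed text from the linked bugzilla report, in line with the neighbouring tiff entries that name the function.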
@@ -13209,7 +13209,7 @@
 CVE-2016-5322 [extractContigSamplesBytes: out-of-bounds read]
 	RESERVED
 	{DLA-610-1 DLA-606-1}
-	- tiff <unfixed>
+	- tiff 4.0.7-1
 	[jessie] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed> (unimportant)
 	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
@@ -17937,7 +17937,7 @@
 	RESERVED
 CVE-2016-3991 (Heap-based buffer overflow in the loadImage function in the tiffcrop ...)
 	{DLA-610-1 DLA-606-1}
-	- tiff <unfixed>
+	- tiff 4.0.7-1
 	[jessie] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed> (unimportant)
 	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
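Review bot: For CVE-2016-3991 the fixed version is recorded without any upstream reference in the lines shown, while a Reproducer NOTE with this CVE id in its filename sits just below, at the top of the next hunk. Suggest checking tiffcrop from 4.0.7-1 against that reproducer and adding the upstream bug or commit as a NOTE to back the move away from <unfixed>.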
@@ -17945,7 +17945,7 @@
 	NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-3991.tif
 CVE-2016-3990 (Heap-based buffer overflow in the horizontalDifference8 function in ...)
 	{DLA-610-1}
-	- tiff <unfixed> (bug #836570)
+	- tiff 4.0.7-1 (bug #836570)
 	[jessie] - tiff <no-dsa> (Minor issue)
 	[wheezy] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed> (unimportant)
@@ -18171,7 +18171,7 @@
 	TODO: check
 CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile ...)
 	{DLA-610-1}
-	- tiff <unfixed>
+	- tiff 4.0.7-1
 	[jessie] - tiff <no-dsa> (Minor issue)
 	[wheezy] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed> (unimportant)
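Review bot: CVE-2016-3945 covers two code paths according to its description, (1) cvt_by_strip and (2) cvt_by_tile, and the single "- tiff 4.0.7-1" line closes both. A NOTE naming the upstream change would show that both functions are covered and not only one of them.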
@@ -19058,7 +19058,7 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2569
 	NOTE: No security impact, just triggers a crash in a CLI tool
 CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF ...)
-	- tiff <unfixed> (low; bug #820365)
+	- tiff 4.0.7-1 (low; bug #820365)
 	[jessie] - tiff <no-dsa> (Minor issue)
 	[wheezy] - tiff <no-dsa> (Minor issue)
 	- tiff3 <not-affected> (tiff tools not built)
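Review bot: Style point on the tiff3 line of CVE-2016-3622: it reads "<not-affected> (tiff tools not built)", while the tiffcrop entries earlier in this commit (CVE-2016-5322, CVE-2016-3991) express the same rationale as "<removed> (unimportant)" plus a NOTE that the binary packages do not contain the TIFF tools. Picking one form would keep the tiff3 status consistent across these entries.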
@@ -34727,7 +34727,7 @@
 	NOTE: http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html
 CVE-2015-7313 [OOM when parsing crafted tiff files]
 	RESERVED
-	- tiff <unfixed> (bug #800124)
+	- tiff 4.0.7-1 (bug #800124)
 	[jessie] - tiff <no-dsa> (Minor issue)
 	[wheezy] - tiff <no-dsa> (Minor issue)
 	[squeeze] - tiff <not-affected> (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle zero strip size.")
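Review bot: CVE-2015-7313 is closed at 4.0.7-1 with only the Debian bug number; the lines shown give no upstream reference for what addresses the OOM, and the [squeeze] line records that the issue could not be reproduced there. Please add a NOTE with the upstream change, or state how the fix was verified on 4.0.7-1.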



