[Secure-testing-commits] r46359 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Nov 20 18:26:28 UTC 2016
Author: carnil
Date: 2016-11-20 18:26:28 +0000 (Sun, 20 Nov 2016)
New Revision: 46359
Modified:
data/CVE/list
Log:
Mark CVE-2016-9448 as not-affected and add though node for CVE-2016-9297
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-20 18:23:57 UTC (rev 46358)
+++ data/CVE/list 2016-11-20 18:26:28 UTC (rev 46359)
@@ -1,5 +1,5 @@
CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag]
- - tiff 4.0.7-1
+ - tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297
CVE-2016-9421
@@ -576,6 +576,9 @@
- tiff 4.0.7-1 (bug #844226)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
+ NOTE: When fixing this CVE make sure to make the fix complete and not
+ NOTE: introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593
+ NOTE: Fix in 4.0.7 is complete.
CVE-2016-XXXX [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
- tiff <unfixed> (bug #844057)
[jessie] - tiff <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list