[Secure-testing-commits] r46425 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Tue Nov 22 09:58:36 UTC 2016


Author: hertzog
Date: 2016-11-22 09:58:27 +0000 (Tue, 22 Nov 2016)
New Revision: 46425

Modified:
   data/CVE/list
Log:
Add more data on libtiff CVE

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-22 09:24:12 UTC (rev 46424)
+++ data/CVE/list	2016-11-22 09:58:27 UTC (rev 46425)
@@ -284,6 +284,12 @@
 	NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
 	NOTE: For unstable this fix was included in the fix for TALOS-CAN-0187 / CVE-2016-5652
 	NOTE: and included in patches/09-CVE-2016-5652.patch
+	NOTE: Problem not reproducible in wheezy with 4.0.2-6+deb7u7, in jessie with 4.0.3-12.3+deb8u1, in both cases I get this output (but no segfault or error with valgrind):
+	NOTE: TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
+	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 1 (0x1) encountered.
+	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered.
+	NOTE: TIFFReadDirectory: IO error during reading of "BitsPerSample".
+	NOTE: tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading.
 CVE-2016-9446 [gstreamer 0.10 VMNC code execution #2]
 	RESERVED
 	{DSA-3717-1 DLA-712-1}
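Review bot: the "not reproducible" conclusion in the first added NOTE is weaker than it reads. The quoted output ends with `TIFFReadDirectory: IO error during reading of "BitsPerSample".` and `tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading.`, so tiff2pdf gave up on the file while reading the directory. The absence of a segfault or valgrind error therefore only shows that this sample is rejected early in these versions. Suggest stating that in the note, and recording whether the code touched by the upstream commit is present in 4.0.2-6+deb7u7 and 4.0.3-12.3+deb8u1, so the entry is not read as a not-affected verdict. The first-person "I get this output" is also better reworded, since notes in this file carry no per-line author.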
@@ -729,13 +735,18 @@
 	- tiff 4.0.7-1 (bug #844226)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
+	NOTE: Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
+	NOTE: Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7
+	NOTE: Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1
 	NOTE: When fixing this CVE make sure to make the fix complete and not
 	NOTE: introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593
 	NOTE: Fix in 4.0.7 is complete.
+	NOTE: Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
 CVE-2016-9532 [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
 	- tiff 4.0.7-1 (bug #844057)
 	[jessie] - tiff <no-dsa> (Minor issue)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
+	NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/11/14
 CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...)
 	- p7zip 16.02+dfsg-2 (bug #844344)
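Review bot: the patch references added in this hunk use three different labels, `NOTE: Patch https://...` (no colon), `NOTE: Patch CVE-2016-9448: https://...` and `NOTE: Patch: https://...`. Pick one form, for example `Patch:` followed by the URL, so the notes can be searched consistently. The CVE-2016-9448 patch line is also placed after "Fix in 4.0.7 is complete.", which separates it from the two-line note that introduces CVE-2016-9448; moving it directly under that note would make clear which commit is needed to keep the fix complete. The two "Reproducible with valgrind" lines do not name the tool or sample that was run, and adding it would let someone else repeat the check.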
@@ -769,7 +780,9 @@
 	RESERVED
 	- tiff 4.0.7-1 (bug #844013)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
-	NOTE: http://www.openwall.com/lists/oss-security/2016/11/09/20
+	NOTE: Patch: https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7
+	NOTE: Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7
+	NOTE: Can be reproduced with valgrind in jessie with libtiff 4.0.3-12.3+deb8u1
 CVE-2016-9261
 	RESERVED
 CVE-2016-9260
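Review bot: this hunk drops the existing reference `NOTE: http://www.openwall.com/lists/oss-security/2016/11/09/20` while adding the patch and reproducibility notes, and the log message ("Add more data on libtiff CVE") only mentions additions. If the removal is unintended, keep the oss-security line and add the three new notes after it. If it is intended, say why in the commit log. The wording here ("Can be reproduced with valgrind ... with libtiff") also differs from the previous hunk ("Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7"); one phrasing for both would be easier to search.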



