[Secure-testing-commits] r46428 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Tue Nov 22 10:11:51 UTC 2016


Author: hertzog
Date: 2016-11-22 10:11:51 +0000 (Tue, 22 Nov 2016)
New Revision: 46428

Modified:
   data/CVE/list
Log:
Update tiff3 status for latest libtiff CVE

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-22 10:06:08 UTC (rev 46427)
+++ data/CVE/list	2016-11-22 10:11:51 UTC (rev 46428)
@@ -280,6 +280,8 @@
 CVE-2016-9453 [tiff2pdf: out-of-bounds write memcpy]
 	RESERVED
 	- tiff 4.0.6-3
+	- tiff3 <removed>
+	[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
 	NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
 	NOTE: For unstable this fix was included in the fix for TALOS-CAN-0187 / CVE-2016-5652
@@ -734,6 +736,8 @@
 CVE-2016-9297 [libtiff/tif_dirread.c read outside buffer in _TIFFPrintField()]
 	RESERVED
 	- tiff 4.0.7-1 (bug #844226)
+	- tiff3 <removed>
+	[wheezy] - tiff3 <not-affected> (Unreproducible)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
 	NOTE: Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
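Review bot: The `[wheezy] - tiff3 <not-affected> (Unreproducible)` line marks a library-side issue as not affected on the strength of a failed reproduction alone; the entry title places the bug in libtiff/tif_dirread.c, in _TIFFPrintField(), not in a tool that tiff3 omits. Failing to trigger an out-of-bounds read does not show that the code path is absent. Suggest adding a NOTE that records how reproduction was attempted against tiff3 (which reproducer, and whether a memory checker was used), or stating that the vulnerable code is not present if that was verified.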
@@ -746,6 +750,8 @@
 CVE-2016-9532 [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
 	- tiff 4.0.7-1 (bug #844057)
 	[jessie] - tiff <no-dsa> (Minor issue)
+	- tiff3 <removed>
+	[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
 	NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/11/14
@@ -780,6 +786,8 @@
 CVE-2016-9273 [libtiff heap overflow]
 	RESERVED
 	- tiff 4.0.7-1 (bug #844013)
+	- tiff3 <removed>
+	[wheezy] - tiff3 <not-affected> (Unreproducible)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
 	NOTE: Patch: https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7
 	NOTE: Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7
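Review bot: The `(Unreproducible)` reason on the wheezy tiff3 line sits directly above the existing NOTE "Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7", which suggests a memory checker was needed to observe the overflow there. Suggest recording whether the tiff3 attempt was also run under valgrind, so that the not-affected status for this heap overflow is not read as the result of a plain run, and so the two lines do not appear to contradict each other to someone triaging wheezy later.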



