[Secure-testing-commits] r46499 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Nov 24 05:26:25 UTC 2016
Author: carnil
Date: 2016-11-24 05:26:25 +0000 (Thu, 24 Nov 2016)
New Revision: 46499
Modified:
data/CVE/list
Log:
Add new tiff issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-24 05:14:43 UTC (rev 46498)
+++ data/CVE/list 2016-11-24 05:26:25 UTC (rev 46499)
@@ -806,6 +806,30 @@
NOTE: introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593
NOTE: Fix in 4.0.7 is complete.
NOTE: Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
+CVE-2016-9540 [cpStripToTile heap-buffer-overflow]
+ - tiff 4.0.7-1
+ NOTE: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
+CVE-2016-9539 [Out-of-bounds read in readContigTilesIntoBuffer()]
+ - tiff 4.0.7-1
+ NOTE: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
+CVE-2016-9538 [Integer overflow leads to reading undefined buffer in readContigStripsIntoBuffer()]
+ - tiff 4.0.7-1
+ NOTE: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
+CVE-2016-9537 [Out-of-bounds write vulnerabilities in tools/tiffcrop.c]
+ - tiff 4.0.7-1
+ NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
+CVE-2016-9536 [t2p_process_jpeg_strip heap-buffer-overflow]
+ - tiff 4.0.7-1
+ NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
+CVE-2016-9535 [Predictor heap-buffer-overflow]
+ - tiff 4.0.7-1
+ NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
+CVE-2016-9534 [TIFFFlushData1 heap-buffer-overflow]
+ - tiff 4.0.7-1
+ NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
+CVE-2016-9533 [PixarLog horizontalDifference heap-buffer-overflow]
+ - tiff 4.0.7-1
+ NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
CVE-2016-9532 [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
{DLA-716-1}
- tiff 4.0.7-1 (bug #844057)
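Review bot: The NOTE lines for CVE-2016-9534 and CVE-2016-9535 are identical (same commit 83a4b92815ea04969d494416eaae3d4c6b338e4a, same #diff-5be5ce02d0dea67050d5b2a10102d1ba anchor), so a reader cannot tell which part of that commit addresses the TIFFFlushData1 overflow and which the Predictor one. The same commit also backs CVE-2016-9533, CVE-2016-9536 and CVE-2016-9537. Since the diff anchors are opaque hashes, consider adding a second NOTE per entry that names the affected source file or function. Separately, none of the eight new entries carries a bug reference, unlike the CVE-2016-9532 entry just below with (bug #844057). The NOTEs for CVE-2016-9540 and CVE-2016-9539 link whole commits with no file anchor, which is inconsistent with the other six.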