[Secure-testing-commits] r45588 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Oct 25 14:31:29 UTC 2016
Author: hertzog
Date: 2016-10-25 14:31:25 +0000 (Tue, 25 Oct 2016)
New Revision: 45588
Modified:
data/CVE/list
Log:
File two bugs on some important tiff issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-25 14:24:03 UTC (rev 45587)
+++ data/CVE/list 2016-10-25 14:31:25 UTC (rev 45588)
@@ -11694,7 +11694,7 @@
RESERVED
CVE-2016-5319 [libtiff: PackBitsEncode heap buffer overflow]
RESERVED
- - tiff <unfixed>
+ - tiff <unfixed> (bug #842046)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (tools like bmp2tiff not shipped by tiff3 source package)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2562
@@ -16864,7 +16864,7 @@
NOTE: Upstream will remove thumbnail from 4.0.7 release
NOTE: No patch available. Issue marked as wontfix by upstream.
CVE-2016-3633 (The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier ...)
- - tiff <unfixed>
+ - tiff <unfixed> (bug #842046)
[jessie] - tiff <no-dsa> (Minor issue)
[wheezy] - tiff <no-dsa> (Minor issue)
- tiff3 <removed> (unimportant)
@@ -25495,7 +25495,7 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2015-6/
NOTE: non-issue for Debian-packaged version
CVE-2015-8668 (Heap-based buffer overflow in the PackBitsPreEncode function in ...)
- - tiff <unfixed>
+ - tiff <unfixed> (bug #842046)
- tiff3 <removed>
[wheezy] - tiff3 <no-dsa> (Issue is in bmp2tiff but we don't ship tools, tools are shipped by "tiff")
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2563
More information about the Secure-testing-commits
mailing list