[Secure-testing-commits] r45598 - data/CVE

Nicholas Luedtke nluedtke-guest at moszumanska.debian.org
Tue Oct 25 18:12:44 UTC 2016


Author: nluedtke-guest
Date: 2016-10-25 18:12:43 +0000 (Tue, 25 Oct 2016)
New Revision: 45598

Modified:
   data/CVE/list
Log:
Update CVEs for src:tiff

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-25 17:55:27 UTC (rev 45597)
+++ data/CVE/list	2016-10-25 18:12:43 UTC (rev 45598)
@@ -1524,12 +1524,13 @@
 	[wheezy] - redis <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0206/
-CVE-2016-8338
+CVE-2016-8338 [heap based buffer overflow in LibTIFFs PixarLogDecode api]
 	RESERVED
-	- tiff <unfixed>
+	- tiff 4.0.6-2
 	- tiff3 <removed>
-	NOTE: http://blog.talosintel.com/2016/10/LibTIFF-Code-Execution.html
-	TODO: check if the same as CVE-2016-5875
+	NOTE: LibTIFF maintainers indicate this is a duplicate of CVE-2016-5875
+	NOTE: Not yet REJECTED
+	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0205/
 CVE-2016-8337
 	RESERVED
 CVE-2016-8336
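Review bot: The `- tiff 4.0.6-2` line in the CVE-2016-8338 entry marks the package as fixed, but the entry gives no source for that version. The only justification visible is the NOTE that the LibTIFF maintainers consider this a duplicate of CVE-2016-5875. If the version is carried over from the CVE-2016-5875 entry, say so in a NOTE, or reference the fixing commit, so the status can be rechecked while the ID is still "Not yet REJECTED". Minor style point: "LibTIFFs" in the bracketed description should read "LibTIFF's".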
@@ -1545,11 +1546,11 @@
 	- openjpeg2 2.1.2-1
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0193/
 	NOTE: https://github.com/uclouvain/openjpeg/pull/820
-CVE-2016-8331
+CVE-2016-8331 [type confusion vulnerability resulting in remote code execution]
 	RESERVED
 	- tiff <unfixed>
 	- tiff3 <removed>
-	NOTE: http://blog.talosintel.com/2016/10/LibTIFF-Code-Execution.html
+	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0190/
 CVE-2016-8330
 	RESERVED
 CVE-2016-8329
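Review bot: The bracketed description added to CVE-2016-8331 does not name the affected component, whereas the descriptions added to CVE-2016-8338 and CVE-2016-5652 in this same commit name the function or tool. With `- tiff <unfixed>` still set, a reader triaging this entry has to open the TALOS-2016-0190 report to learn which code path is involved. Suggest adding the library and the affected code path from that report to the description.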
@@ -10098,11 +10099,11 @@
 	NOT-FOR-US: Misys
 CVE-2016-5653 (Multiple SQL injection vulnerabilities in Misys FusionCapital Opics ...)
 	NOT-FOR-US: Misys
-CVE-2016-5652
+CVE-2016-5652 [heap based buffer overflow in LibTIFFs TIFF2PDF tool]
 	RESERVED
 	- tiff <unfixed>
 	- tiff3 <removed>
-	NOTE: http://blog.talosintel.com/2016/10/LibTIFF-Code-Execution.html
+	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0187/
 	NOTE: https://github.com/vadz/libtiff/commit/b5d6803f0898e931cf772d3d0755704ab8488e63
 CVE-2016-5651
 	RESERVED
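Review bot: In the CVE-2016-5652 entry the package stays at `- tiff <unfixed>`, while the context line `NOTE: https://github.com/vadz/libtiff/commit/b5d6803f0898e931cf772d3d0755704ab8488e63` points at an upstream commit without saying what it is. If that commit is the upstream fix, label it "Fixed by:" as the redis entry at the top of the first hunk does, so it is clear that only the Debian upload is outstanding. As in the CVE-2016-8338 description, "LibTIFFs" should read "LibTIFF's".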



