[Secure-testing-commits] r44315 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Sep 4 19:19:20 UTC 2016


Author: carnil
Date: 2016-09-04 19:19:19 +0000 (Sun, 04 Sep 2016)
New Revision: 44315

Modified:
   data/CVE/list
Log:
CVE-2016-2596: revert severity, furthermore mark again as unfixed

The diff from http://bugzilla.maptools.org/show_bug.cgi?id=2209 does not
seem to be applied in 4.0.6-1.

TODO: ask apo for reference which commit should fix this.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-04 19:10:32 UTC (rev 44314)
+++ data/CVE/list	2016-09-04 19:19:19 UTC (rev 44315)
@@ -131587,9 +131587,10 @@
 	- tiff3 3.9.6-1
 	NOTE: may have been fixed earlier
 CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...)
-	- tiff 4.0.6
+	- tiff <unfixed> (unimportant)
 	- tiff3 <unfixed> (unimportant)
 	NOTE: fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
+	TODO: Ask apo about above note, id=2209 patch does not seem applied to 4.0.6-1
 CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...)
 	{DSA-2552-1}
 	- tiff 3.9.6-1




More information about the Secure-testing-commits mailing list