[Secure-testing-commits] r44315 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Sep 4 19:19:20 UTC 2016
Author: carnil
Date: 2016-09-04 19:19:19 +0000 (Sun, 04 Sep 2016)
New Revision: 44315
Modified:
data/CVE/list
Log:
CVE-2016-2596: revert severity, furthermore mark again as unfixed
The diff from http://bugzilla.maptools.org/show_bug.cgi?id=2209 does not
seem to be applied in 4.0.6-1.
TODO: ask apo for reference which commit should fix this.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-04 19:10:32 UTC (rev 44314)
+++ data/CVE/list 2016-09-04 19:19:19 UTC (rev 44315)
@@ -131587,9 +131587,10 @@
- tiff3 3.9.6-1
NOTE: may have been fixed earlier
CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...)
- - tiff 4.0.6
+ - tiff <unfixed> (unimportant)
- tiff3 <unfixed> (unimportant)
NOTE: fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
+ TODO: Ask apo about above note, id=2209 patch does not seem applied to 4.0.6-1
CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...)
{DSA-2552-1}
- tiff 3.9.6-1
More information about the Secure-testing-commits
mailing list