[Secure-testing-commits] r44319 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Sun Sep 4 19:57:28 UTC 2016
Author: apo
Date: 2016-09-04 19:57:28 +0000 (Sun, 04 Sep 2016)
New Revision: 44319
Modified:
data/CVE/list
Log:
CVE-2010-2596: Clarify fixed version in Stretch.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-04 19:50:05 UTC (rev 44318)
+++ data/CVE/list 2016-09-04 19:57:28 UTC (rev 44319)
@@ -131587,18 +131587,13 @@
- tiff3 3.9.6-1
NOTE: may have been fixed earlier
CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...)
- - tiff <unfixed> (unimportant)
+ - tiff 4.0.6-1 (unimportant)
- tiff3 <removed> (unimportant)
NOTE: fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
- NOTE: The code in OJPEGPostDecode still reads as
- NOTE: 889 if (sp->write_curstrile%tif->tif_dir.td_stripsperimage==0)
- NOTE: 890 {
- NOTE: 891 assert(sp->libjpeg_session_active!=0);
- NOTE: 892 OJPEGLibjpegSessionAbort(tif);
- NOTE: 893 sp->writeheader_done=0;
- NOTE: 894 }
- NOTE: in 4.0.6-1
- TODO: Ask apo about above note, id=2209 patch does not seem applied to 4.0.6-1
+ NOTE: according to upstream http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6
+ NOTE: unreproducible in VCS. Confirmed for version 4.0.6 in Stretch by verifying
+ NOTE: that the reproducer does not trigger the crash anymore.
+ NOTE: Tom Lane's patch should be applied for tiff in Wheezy too.
CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...)
{DSA-2552-1}
- tiff 3.9.6-1
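Review bot: In the CVE-2010-2596 entry, the new `- tiff 4.0.6-1 (unimportant)` line rests only on the reproducer no longer crashing in 4.0.6, while the removed NOTE lines recorded that the `assert(sp->libjpeg_session_active!=0)` block is still present in OJPEGPostDecode in 4.0.6-1 and that the id=2209 patch did not seem to be applied. The replacement NOTEs should say which of these holds: either keep one line stating that the assert is still in the source and the crash is simply no longer reachable with the reproducer, or state that the patch is in fact applied. As written, the retained "fixed by ...id=2209" line and the new "Tom Lane's patch should be applied for tiff in Wheezy too" line both read as if the patch is in Stretch, which the removed TODO questioned. It would also help to note that 4.0.6-1 is the version that was tested rather than a confirmed first fixed version, and to record the Wheezy follow-up as a TODO instead of a NOTE so it is not lost.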