[Secure-testing-commits] r44320 - data/CVE

Markus Koschany apo at moszumanska.debian.org
Sun Sep 4 20:47:50 UTC 2016 

Author: apo
Date: 2016-09-04 20:47:50 +0000 (Sun, 04 Sep 2016)
New Revision: 44320

Modified:
   data/CVE/list
Log:
CVE-2016-3634, CVE-2016-3633, CVE-2016-3632, CVE-2016-3631 won't be fixed by

upstream. Marked as wontfix because those tools will be removed upstream. No
patch available.

Minor issue for tiff3 because the tools are not shipped in a binary package.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-04 19:57:28 UTC (rev 44319)
+++ data/CVE/list	2016-09-04 20:47:50 UTC (rev 44320)
@@ -11251,6 +11251,7 @@
 	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2547
 	NOTE: Upstream will remove thumbnail from 4.0.7 release
+	NOTE: No patch available. Issue marked as wontfix by upstream.
 CVE-2016-3633 [Illegal read occurs in the _ setrow function in thumbnail]
 	RESERVED
 	- tiff <unfixed>
@@ -11260,6 +11261,7 @@
 	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2548
 	NOTE: Upstream will remove thumbnail from 4.0.7 release
+	NOTE: No patch available. Issue marked as wontfix by upstream.
 CVE-2016-3632 [Illegal write occurs in the _TIFFVGetField function in tif_dirinfo.c when using thumbnail]
 	RESERVED
 	- tiff <unfixed>
@@ -11269,6 +11271,7 @@
 	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2549
 	NOTE: Upstream will remove thumbnail from 4.0.7 release
+	NOTE: No patch available. Issue marked as wontfix by upstream.
 CVE-2016-3631 [Illegal read in the cpStrips and cpTiles function]
 	RESERVED
 	- tiff <unfixed> (bug #820366)
@@ -11276,6 +11279,7 @@
 	[wheezy] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed> (unimportant)
 	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
+	NOTE: No patch available. Issue marked as wontfix by upstream.
 CVE-2016-3630 (The binary delta decoder in Mercurial before 3.7.3 allows remote ...)
 	{DSA-3542-1}
 	- mercurial 3.7.3-1 (bug #819504)

More information about the Secure-testing-commits mailing list