[Secure-testing-commits] r44548 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Sep 13 09:53:30 UTC 2016
Author: hertzog
Date: 2016-09-13 09:53:30 +0000 (Tue, 13 Sep 2016)
New Revision: 44548
Modified:
data/CVE/list
Log:
Mark CVE-2015-7313/tiff3 as not-affected on wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-13 09:53:08 UTC (rev 44547)
+++ data/CVE/list 2016-09-13 09:53:30 UTC (rev 44548)
@@ -29832,6 +29832,7 @@
[wheezy] - tiff <no-dsa> (Minor issue)
[squeeze] - tiff <not-affected> (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle zero strip size.")
- tiff3 <removed>
+ [wheezy] - tiff3 <not-affected> (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle zero strip size.")
NOTE: Test file here: https://marc.info/?l=oss-security&m=144284777006804&q=p6
NOTE: Reproduce with "ltrace -e realloc tiffdither /tmp/oom.tif /dev/null"
NOTE: at the end you see "libtiff.so.5->realloc(0, 1636178024)"
More information about the Secure-testing-commits
mailing list