[Secure-testing-commits] r44556 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Sep 13 16:08:33 UTC 2016
Author: hertzog
Date: 2016-09-13 16:08:33 +0000 (Tue, 13 Sep 2016)
New Revision: 44556
Modified:
data/CVE/list
Log:
Update data about CVE-2015-7554/tiff3 on wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-13 15:40:25 UTC (rev 44555)
+++ data/CVE/list 2016-09-13 16:08:33 UTC (rev 44556)
@@ -29144,9 +29144,11 @@
- tiff3 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2015/12/26/7
NOTE: SUSE seem to have a fix (disputed): https://bugzilla.novell.com/show_bug.cgi?id=960341
+ NOTE: Reproducer file here: https://bugzilla.novell.com/attachment.cgi?id=665389
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2564
NOTE: partially fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2564#c2
- NOTE: Minor issue for tiff3 because tiffsplit is not shipped
+ NOTE: --
+ NOTE: The problem is present in tiff3 3.9.6-11+deb7u1 on wheezy (the problematic code gets executed under gdb), however for some reason this does not lead to a segfault.
CVE-2015-7553 [nfnetlink race in NETLINK_NFLOG socket creation]
RESERVED
- linux <not-affected> (RHEL-specific backport bug)
More information about the Secure-testing-commits
mailing list