[Secure-testing-commits] r44558 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Sep 13 16:08:58 UTC 2016
Author: hertzog
Date: 2016-09-13 16:08:58 +0000 (Tue, 13 Sep 2016)
New Revision: 44558
Modified:
data/CVE/list
Log:
Update info on CVE-2016-5318
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-13 16:08:48 UTC (rev 44557)
+++ data/CVE/list 2016-09-13 16:08:58 UTC (rev 44558)
@@ -9079,6 +9079,11 @@
- tiff3 <removed>
NOTE: _TIFFVGetField isn't specific to thumbnail tool
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2561
+ NOTE: This seems a duplicate of CVE-2015-7554 (http://bugzilla.maptools.org/show_bug.cgi?id=2564). At the very least, a generic fix for CVE-2015-7554 would also fix this one as the illegal write is at the exact same location in the code.
+ NOTE: Reproducer file here: http://bugzilla.maptools.org/attachment.cgi?id=671
+ NOTE: With 4.0.6-2 (sid), I get a segfault.
+ NOTE: With 4.0.3-12.3+deb8u1 (jessie), I get a segfault.
+ NOTE: With 3.9.6-11+deb7u1 (wheezy), I get a failure: MissingRequired: ../CVE-2016-5318.tiff: TIFF directory is missing required "StripOffsets" field.
CVE-2016-5301 (The parse_chunk_header function in libtorrent before 1.1.1 allows ...)
{DLA-511-1}
- libtorrent-rasterbar 1.1.0-1 (bug #826380)
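Review bot: The three reproduction NOTE lines added for 4.0.6-2, 4.0.3-12.3+deb8u1 and 3.9.6-11+deb7u1 do not say which tool or command line was run against the reproducer, so the results cannot be re-checked from the entry alone. The existing note above says _TIFFVGetField isn't specific to the thumbnail tool, so name the binary and arguments used. The wheezy line records a MissingRequired "StripOffsets" failure instead of a segfault but leaves open whether 3.9.6 is considered not affected or whether this particular file is simply rejected before the illegal write is reached; state which, or mark it as undetermined. The duplicate NOTE would also be easier to act on if it were split in two: the claim that this duplicates CVE-2015-7554, and the separate statement that a generic fix for CVE-2015-7554 would also fix this one.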