[Secure-testing-commits] r50674 - data/CVE

Fri Apr 14 16:56:55 UTC 2017

Author: carnil
Date: 2017-04-14 16:56:55 +0000 (Fri, 14 Apr 2017)
New Revision: 50674

Modified:
   data/CVE/list
Log:
tiff issues fixed in unstable

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-04-14 15:09:55 UTC (rev 50673)
+++ data/CVE/list	2017-04-14 16:56:55 UTC (rev 50674)
@@ -664,53 +664,54 @@
 	NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
 	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" ...)
-	- tiff <unfixed>
+	- tiff 4.0.7-6
 	- tiff3 <removed>
 	NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
 	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7600 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
-	- tiff <unfixed>
+	- tiff 4.0.7-6
 	- tiff3 <removed>
 	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
 	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7599 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
-	- tiff <unfixed>
+	- tiff 4.0.7-6
 	- tiff3 <removed>
 	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
 	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...)
-	- tiff <unfixed> (low)
+	- tiff 4.0.7-6 (low)
 	[jessie] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
 	NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
 	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of ...)
-	- tiff <unfixed>
+	- tiff 4.0.7-6
 	- tiff3 <removed>
 	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
 	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 CVE-2017-7596 (LibTIFF 4.0.7 has an "outside the range of representable values of type ...)
-	- tiff <unfixed>
+	- tiff 4.0.7-6
 	- tiff3 <removed>
 	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
 	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
 CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows ...)
-	- tiff <unfixed> (low; bug #860003)
+	- tiff 4.0.7-6 (low; bug #860003)
 	[jessie] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
+	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2653
 	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c
 	NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
 CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in ...)
-	- tiff <unfixed> (low; bug #860001)
+	- tiff 4.0.7-6 (low; bug #860001)
 	[jessie] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659
 CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is ...)
-	- tiff <unfixed> (bug #860000)
+	- tiff 4.0.7-6 (bug #860000)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651
 CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a ...)
-	- tiff <unfixed> (bug #859998)
+	- tiff 4.0.7-6 (bug #859998)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658
 CVE-2017-7617 (Remote code execution can occur in Asterisk Open Source 13.x before ...)


