[Secure-testing-commits] r50986 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Mon Apr 24 09:53:55 UTC 2017
Author: apo
Date: 2017-04-24 09:53:55 +0000 (Mon, 24 Apr 2017)
New Revision: 50986
Modified:
data/CVE/list
Log:
CVE-2017-7598,tiff3: Wheezy is not affected.
Vulnerable code is not present
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-24 09:49:31 UTC (rev 50985)
+++ data/CVE/list 2017-04-24 09:53:55 UTC (rev 50986)
@@ -1386,6 +1386,7 @@
- tiff 4.0.7-6 (low)
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
+ [wheezy] - tiff3 <not-affected> (vulnerable code not present)
NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of ...)
More information about the Secure-testing-commits
mailing list