[Secure-testing-commits] r51010 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Apr 24 21:09:00 UTC 2017
Author: jmm
Date: 2017-04-24 21:09:00 +0000 (Mon, 24 Apr 2017)
New Revision: 51010
Modified:
data/CVE/list
Log:
remove three no-dsa for tiff, lined up for DSA
also add upstream fix
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-24 21:08:13 UTC (rev 51009)
+++ data/CVE/list 2017-04-24 21:09:00 UTC (rev 51010)
@@ -1390,7 +1390,6 @@
CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...)
{DLA-911-1}
- tiff 4.0.7-6 (low)
- [jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (vulnerable code not present)
NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
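Review bot: removing the `[jessie] - tiff <no-dsa> (Minor issue)` line for CVE-2017-7598 leaves the entry with no jessie-specific status, so jessie is now judged only against the unstable fixed version 4.0.7-6 and is reported as open until a DSA reference is added. This revision modifies only data/CVE/list, so please confirm that tiff is queued in data/dsa-needed.txt; otherwise nothing but the log message records that a DSA is planned.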
@@ -1410,7 +1409,6 @@
CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows ...)
{DLA-911-1}
- tiff 4.0.7-6 (low; bug #860003)
- [jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2653
NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c
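Review bot: for CVE-2017-7595 the unstable line keeps the urgency `low` while the jessie "Minor issue" triage is withdrawn, and nothing in the entry explains the change of mind. If the issue is being fixed only because it rides along with the other tiff fixes in the same DSA, a one-line NOTE to that effect would keep the triage history readable. The log message also says "three no-dsa" without naming the CVE ids, which makes this revision harder to find later by searching the log.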
@@ -1418,9 +1416,10 @@
CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in ...)
{DLA-911-1}
- tiff 4.0.7-6 (low; bug #860001)
- [jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659
+ NOTE: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
+ NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is ...)
{DLA-911-1}
- tiff 4.0.7-6 (bug #860000)
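Review bot: the two NOTE lines added for CVE-2017-7594 are bare commit URLs, and the log message speaks of a single "upstream fix", so it is unclear whether both commits are needed or whether the second is a follow-up to the first. Please annotate them (for example which one is the original fix and which the follow-up) so that whoever backports to jessie knows to take both. The removal of the jessie `<no-dsa>` line in the same hunk is consistent with the other two entries.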