[Secure-testing-commits] r51039 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Apr 25 17:49:25 UTC 2017


Author: jmm
Date: 2017-04-25 17:49:25 +0000 (Tue, 25 Apr 2017)
New Revision: 51039

Modified:
   data/CVE/list
Log:
remove on tiff no-dsa, add patch refs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-25 17:47:48 UTC (rev 51038)
+++ data/CVE/list	2017-04-25 17:49:25 UTC (rev 51039)
@@ -1490,12 +1490,14 @@
 	- tiff 4.0.7-6 (bug #860000)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651
+	NOTE: https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
 CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a ...)
 	{DLA-911-1}
 	- tiff 4.0.7-6 (bug #859998)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658
+	NOTE: https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b
 CVE-2017-7617 (Remote code execution can occur in Asterisk Open Source 13.x before ...)
 	- asterisk 1:13.14.1~dfsg-1 (bug #859910)
 	[jessie] - asterisk <not-affected> (Vulnerable code not present)
@@ -41143,7 +41145,6 @@
 	NOTE: Requires authenticated user
 CVE-2016-3658 (The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in ...)
 	- tiff 4.0.6-3 (low)
-	[jessie] - tiff <no-dsa> (Minor issue)
 	[wheezy] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed> (low)
 	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)




More information about the Secure-testing-commits mailing list