[Secure-testing-commits] r58510 - in data: . CVE

Brian May bam at moszumanska.debian.org
Wed Dec 13 06:31:15 UTC 2017


Author: bam
Date: 2017-12-13 06:31:15 +0000 (Wed, 13 Dec 2017)
New Revision: 58510

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Mark tiff3 in wheezy as not vulnerable to CVE-2017-9935

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-13 06:31:00 UTC (rev 58509)
+++ data/CVE/list	2017-12-13 06:31:15 UTC (rev 58510)
@@ -23264,6 +23264,7 @@
 CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
 	- tiff <unfixed> (bug #866109)
 	- tiff3 <removed>
+	[wheezy] - tiff3 <not-affected> (does not build vulnerable tiff2pdf)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
 CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...)
 	NOT-FOR-US: Joomla
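Review bot: the added `[wheezy] - tiff3 <not-affected>` line rests entirely on the parenthetical "does not build vulnerable tiff2pdf", and nothing in the entry records how that was checked. Consider adding a NOTE under the entry stating where this was confirmed for the wheezy tiff3 source package, so a later triager can re-verify the status without repeating the analysis. The existing NOTE only links the upstream bug.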

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-12-13 06:31:00 UTC (rev 58509)
+++ data/dla-needed.txt	2017-12-13 06:31:15 UTC (rev 58510)
@@ -97,10 +97,6 @@
   NOTE: 20171118: At least CVE-2017-16797 is present. (lamby)
   NOTE: 20171210: likely to be turned into a pkg with limited sec support
 --
-tiff3 (Brian May)
-  NOTE: CVE-2017-9935: no upstream fix -- Brian May 2017-11-06
-  NOTE: CVE-2017-11613: no upstream fix, "not a bug" according to RH -- anarcat 2017-10-24
---
 tor
 --
 wireshark (Thorsten Alteholz)
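Review bot: the removed tiff3 block also carried a NOTE for CVE-2017-11613, but the log message and the data/CVE/list change in this revision only address CVE-2017-9935. Before dropping tiff3 from dla-needed.txt, confirm that CVE-2017-11613 has its own wheezy status recorded for tiff3 in data/CVE/list, or keep the entry with just that NOTE so the open item is not lost.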



