[Secure-testing-commits] r58510 - in data: . CVE
Brian May
bam at moszumanska.debian.org
Wed Dec 13 06:31:15 UTC 2017
Author: bam
Date: 2017-12-13 06:31:15 +0000 (Wed, 13 Dec 2017)
New Revision: 58510
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark tiff3 in wheezy as not vulnerable to CVE-2017-9935
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-13 06:31:00 UTC (rev 58509)
+++ data/CVE/list 2017-12-13 06:31:15 UTC (rev 58510)
@@ -23264,6 +23264,7 @@
CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
- tiff <unfixed> (bug #866109)
- tiff3 <removed>
+ [wheezy] - tiff3 <not-affected> (does not build vulnerable tiff2pdf)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...)
NOT-FOR-US: Joomla
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-12-13 06:31:00 UTC (rev 58509)
+++ data/dla-needed.txt 2017-12-13 06:31:15 UTC (rev 58510)
@@ -97,10 +97,6 @@
NOTE: 20171118: At least CVE-2017-16797 is present. (lamby)
NOTE: 20171210: likely to be turned into a pkg with limited sec support
--
-tiff3 (Brian May)
- NOTE: CVE-2017-9935: no upstream fix -- Brian May 2017-11-06
- NOTE: CVE-2017-11613: no upstream fix, "not a bug" according to RH -- anarcat 2017-10-24
---
tor
--
wireshark (Thorsten Alteholz)
More information about the Secure-testing-commits
mailing list