[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-17973/tiff
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 30 09:30:10 UTC 2017
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c03648f by Salvatore Bonaccorso at 2017-12-30T10:29:52+01:00
Add CVE-2017-17973/tiff
Marked as no-dsa (but we might downgrate it even to unimportant) since
provokes afaics only a crash in commandline tools tiff2pdf.
Since tiff3 does not privide the tools, marked unimportant straight for
src:tiff3.
Note for reviewes: double-check.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -52,7 +52,11 @@ CVE-2017-17975 (Use-after-free in the usbtv_probe function in ...)
CVE-2017-17974 (BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv ...)
TODO: check
CVE-2017-17973 (In LibTIFF 4.0.8, there is a heap-based use-after-free in the ...)
- TODO: check
+ - tiff <unfixed>
+ [stretch] - tiff <no-dsa> (Minor issue)
+ [jessie] - tiff <no-dsa> (Minor issue)
+ - tiff3 <removed> (unimportant)
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2769
CVE-2017-1000447
REJECTED
TODO: check
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c03648f52337be31af0f449150bc5c32df75e49
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c03648f52337be31af0f449150bc5c32df75e49
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20171230/f02d84e2/attachment.html>
More information about the Secure-testing-commits
mailing list