[Secure-testing-commits] r47646 - data/CVE

[László Böszörményi]

Author: gcs
Date: 2017-01-01 19:01:16 +0000 (Sun, 01 Jan 2017)
New Revision: 47646

Modified:
   data/CVE/list
Log:
Add CVE-2016-1009{2,3,4,5} for tiff


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-01 18:59:53 UTC (rev 47645)
+++ data/CVE/list	2017-01-01 19:01:16 UTC (rev 47646)
@@ -98,6 +98,21 @@
 	RESERVED
 CVE-2017-4955
 	RESERVED
+CVE-2016-10095 (stack-buffer-overflow in tiffsplit)
+	- tiff <unfixed>
+	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
+CVE-2016-10094 (off-by-one error in tiff2pdf)
+	- tiff <unfixed>
+	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
+	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
+CVE-2016-10093 (uint32 underflow/overflow that can cause heap-based buffer overflow in tiffcp)
+	- tiff <unfixed>
+	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
+	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
+CVE-2016-10092 (heap-buffer-overflow in tiffcrop)
+	- tiff <unfixed>
+	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
+	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
 CVE-2016-10091 [stack-based buffer overflows in cmd_* functions]
 	- unrtf 0.21.9-clean-3 (bug #849705)
 	[jessie] - unrtf <no-dsa> (Minor issue)