[Secure-testing-commits] r47658 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Jan 1 23:37:19 UTC 2017
Author: jmm
Date: 2017-01-01 23:37:18 +0000 (Sun, 01 Jan 2017)
New Revision: 47658
Modified:
data/CVE/list
Log:
mark CVE-2015-8668 as fixed in tiff 4.0.6-3, the issue is in fact
in gif2tiff's use of PackBitsPreEncode
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-01 23:15:15 UTC (rev 47657)
+++ data/CVE/list 2017-01-01 23:37:18 UTC (rev 47658)
@@ -39859,7 +39859,7 @@
NOTE: non-issue for Debian-packaged version
CVE-2015-8668 (Heap-based buffer overflow in the PackBitsPreEncode function in ...)
{DLA-693-1}
- - tiff <unfixed> (bug #842046)
+ - tiff 4.0.6-3 (bug #842046)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2563
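Review bot: The new "- tiff 4.0.6-3 (bug #842046)" line is justified by a tool removal, but the log message names gif2tiff while the NOTE lines of this same entry name bmp2tiff as the removed utility. Confirm which tool is the affected caller of PackBitsPreEncode. If it is gif2tiff, the entry should also state that gif2tiff is absent from 4.0.6-3; as written, the fixed version is supported only by the bmp2tiff note.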
@@ -39868,7 +39868,7 @@
NOTE: Issue was also marked as wontfix, because bmp2tiff utility has been removed
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2563#c4
NOTE: Reproducer file here: http://bugzilla.maptools.org/attachment.cgi?id=677
- NOTE: bmp2tiff was removed in 4.0.6-3, but the affected function is still present
+ NOTE: bmp2tiff was removed in 4.0.6-3
CVE-2015-8683 (The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 ...)
{DSA-3467-1 DLA-610-1 DLA-402-1}
- tiff 4.0.6-1 (bug #809021)
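Review bot: Dropping "but the affected function is still present" from the bmp2tiff NOTE removes a fact without recording why it no longer matters. That reasoning exists only in the commit log (the flaw is in the tool's use of PackBitsPreEncode), so keep it in the tracker, for example "NOTE: issue is in the tool's use of PackBitsPreEncode, not in the library function itself". A later triager who finds the function still present in libtiff can then see why the entry is marked fixed.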