[Secure-testing-commits] r47982 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Jan 13 15:55:31 UTC 2017 

Author: jmm
Date: 2017-01-13 15:55:31 +0000 (Fri, 13 Jan 2017)
New Revision: 47982

Modified:
   data/CVE/list
Log:
mark mark dropped tools as unfixed in sid


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-13 15:53:19 UTC (rev 47981)
+++ data/CVE/list	2017-01-13 15:55:31 UTC (rev 47982)
@@ -26646,7 +26646,7 @@
 CVE-2016-5319 [libtiff: PackBitsEncode heap buffer overflow]
 	RESERVED
 	{DLA-693-1}
-	- tiff <unfixed> (bug #842046)
+	- tiff 4.0.6-3 (bug #842046)
 	- tiff3 <removed>
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 	[wheezy] - tiff3 <not-affected> (tools like bmp2tiff not shipped by tiff3 source package)
@@ -31997,7 +31997,7 @@
 	NOT-FOR-US: SAP Netweaver
 CVE-2016-3634 (The tagCompare function in tif_dirinfo.c in the thumbnail tool in ...)
 	{DLA-693-1}
-	- tiff <unfixed>
+	- tiff 4.0.6-3
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <removed> (unimportant)
 	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
@@ -32019,7 +32019,7 @@
 	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
 CVE-2016-3632 (The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and ...)
 	{DLA-693-1}
-	- tiff <unfixed>
+	- tiff 4.0.6-3
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <removed> (unimportant)
 	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
@@ -32078,7 +32078,7 @@
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
 CVE-2016-3621 (The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF ...)
 	{DLA-693-1}
-	- tiff <unfixed> (low; bug #820364)
+	- tiff 4.0.6-3 (low; bug #820364)
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <not-affected> (tiff tools not built)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2565
@@ -32087,7 +32087,7 @@
 	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
 CVE-2016-3620 (The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF ...)
 	{DLA-693-1}
-	- tiff <unfixed> (low; bug #820363)
+	- tiff 4.0.6-3 (low; bug #820363)
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <not-affected> (tiff tools not built)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2570
@@ -32096,7 +32096,7 @@
 	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
 CVE-2016-3619 (The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in ...)
 	{DLA-693-1}
-	- tiff <unfixed> (low; bug #820362)
+	- tiff 4.0.6-3 (low; bug #820362)
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 	- tiff3 <not-affected> (tiff tools not built)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2567

More information about the Secure-testing-commits mailing list