[Secure-testing-commits] r48324 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Jan 24 09:10:12 UTC 2017


Author: sectracker
Date: 2017-01-24 09:10:12 +0000 (Tue, 24 Jan 2017)
New Revision: 48324

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-24 08:39:42 UTC (rev 48323)
+++ data/CVE/list	2017-01-24 09:10:12 UTC (rev 48324)
@@ -131,12 +131,14 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 (v4.10-rc1)
 CVE-2016-10152 [Use of hard-coded DNS domain if configuration file cannot be read]
 	RESERVED
+	{DLA-796-1}
 	- hesiod <unfixed> (low; bug #852093)
 	[jessie] - hesiod <no-dsa> (Minor issue)
 	NOTE: https://github.com/achernya/hesiod/pull/10
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
 CVE-2016-10151 [Weak SUID check allowing privilege elevation]
 	RESERVED
+	{DLA-796-1}
 	- hesiod <unfixed> (low; bug #852094)
 	[jessie] - hesiod <no-dsa> (Minor issue)
 	NOTE: https://github.com/achernya/hesiod/pull/9
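Review bot: On CVE-2016-10152 and CVE-2016-10151 the added `{DLA-796-1}` lands on entries whose only status lines are `- hesiod <unfixed>` and `[jessie] - hesiod <no-dsa> (Minor issue)`, so after this change the LTS release has an advisory while jessie and unstable remain open. Since CVE-2016-10151 is titled as a weak SUID check allowing privilege elevation, it is worth revisiting the jessie `<no-dsa>` triage or queuing the same fix there, so that an upgrade from the LTS release does not reintroduce the issue.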
@@ -929,6 +931,7 @@
 CVE-2017-5227
 	RESERVED
 CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the ...)
+	{DLA-795-1}
 	- tiff 4.0.7-5 (bug #851297)
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2656
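Review bot: CVE-2017-5225 gains `{DLA-795-1}` but, unlike the other tiff entries touched in this revision, it has no DSA reference and no per-release line, only `- tiff 4.0.7-5 (bug #851297)`. Suggest adding an explicit `[jessie]` status line (a fixed version, `<no-dsa>` or `<not-affected>`) so this heap buffer overflow does not read as untriaged for that release.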
@@ -1736,13 +1739,13 @@
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
 CVE-2016-10093 [uint32 underflow/overflow that can cause heap-based buffer overflow in tiffcp]
 	RESERVED
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-2
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
 CVE-2016-10092 [heap-buffer-overflow in tiffcrop]
 	RESERVED
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-2
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
@@ -14204,7 +14207,7 @@
 	NOTE: Fix in 4.0.7 is complete.
 	NOTE: Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
 CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled ...)
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-1
 	NOTE: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
 CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in ...)
@@ -14212,27 +14215,28 @@
 	NOTE: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
 	NOTE: Crash in CLI tool, no security impact
 CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in ...)
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-1
 	NOTE: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
 CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write ...)
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-1
 	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
 CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write ...)
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-1
 	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
 CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that ...)
+	{DLA-795-1}
 	- tiff 4.0.7-1
 	NOTE: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
 	NOTE: https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
 CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code path of ...)
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-1
 	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
 CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities ...)
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-1
 	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
 CVE-2016-9532 [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
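Review bot: In the CVE-2016-9535 entry the change is a bare addition of `{DLA-795-1}`, whereas the neighbouring libtiff 4.0.6 entries changed in this hunk already carry `DSA-3762-1`. Please confirm whether DSA-3762-1 was meant to cover CVE-2016-9535 as well and add the reference, or record a `[jessie]` status line that explains why it is absent.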
@@ -31981,7 +31985,7 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2543
 	NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-3991.tif
 CVE-2016-3990 (Heap-based buffer overflow in the horizontalDifference8 function in ...)
-	{DSA-3762-1 DLA-610-1}
+	{DSA-3762-1 DLA-795-1 DLA-610-1}
 	- tiff 4.0.7-1 (bug #836570)
 	- tiff3 <removed> (unimportant)
 	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
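Review bot: The new reference on CVE-2016-3990 is written as `{DSA-3762-1 DLA-795-1 DLA-610-1}`, which puts DLA-795-1 ahead of the older DLA-610-1; the same ordering recurs for CVE-2016-3945 and CVE-2016-3623. If newest-first is the intended convention for the cross-reference list, it should be documented next to the file format; otherwise sort the ids so that later automatic updates do not reshuffle these lines and produce noisy diffs.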
@@ -32204,7 +32208,7 @@
 CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP ...)
 	TODO: check
 CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile ...)
-	{DSA-3762-1 DLA-610-1}
+	{DSA-3762-1 DLA-795-1 DLA-610-1}
 	- tiff 4.0.7-1
 	- tiff3 <removed> (unimportant)
 	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
@@ -33079,19 +33083,19 @@
 	NOTE: CVE probably should/needs to be rejected, since upstream is as well unable to
 	NOTE: reproduce the issue. Might have been a problem on reporter from id=2566
 CVE-2016-3624 (The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and ...)
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.6-3
 	- tiff3 <not-affected> (tiff tools not built)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2568
 	NOTE: Upstream marked this duplicate of bug 2569
 CVE-2016-3623 (The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote ...)
-	{DSA-3762-1 DLA-610-1}
+	{DSA-3762-1 DLA-795-1 DLA-610-1}
 	- tiff 4.0.6-3 (unimportant)
 	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2569
 	NOTE: No security impact, just triggers a crash in a CLI tool
 CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF ...)
-	{DSA-3762-1}
+	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-1 (low; bug #820365)
 	- tiff3 <not-affected> (tiff tools not built)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/4
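Review bot: CVE-2016-3623 ends up with `{DSA-3762-1 DLA-795-1 DLA-610-1}` while its package lines are tagged `(unimportant)` and its note reads "No security impact, just triggers a crash in a CLI tool". A short NOTE explaining why an issue triaged this way is attributed to three advisories would help consumers who filter on advisory ids avoid over-prioritising it; the commit log "automatic update" gives no such context.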



