[Secure-testing-commits] r52251 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-06-03 04:21:15 +0000 (Sat, 03 Jun 2017)
New Revision: 52251

Modified:
   data/CVE/list
Log:
Add more or less extensive note for CVE-2017-9404

Note for reviewers, remove the TODO if you agree with the NOTE analysis
(which might be reduced to not clutter the security tracker).

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-03 03:23:09 UTC (rev 52250)
+++ data/CVE/list	2017-06-03 04:21:15 UTC (rev 52251)
@@ -25,7 +25,18 @@
 	- tiff 4.0.8-1
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2688
-	TODO: check, possibly fixed with the 2017-04-27 commit to libtiff/tif_ojpeg.c
+	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
+	NOTE: Possibly sensible to add the other memory leaks fixes in OJPEGReadHeaderInfoSecTables
+	NOTE: method from tif_ojpeg.c, i.e.:
+	NOTE: https://github.com/vadz/libtiff/commit/e9bd1b06fe25219cf0873fca70e46f01843fd9f4
+	NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
+	NOTE: Reproducing the issue itself is "covered" after fixing https://github.com/vadz/libtiff/commit/5ed9fea523316c2f5cec4d393e4d5d671c2dbc33
+	NOTE: To verify 2ea32f7372b65c24b2816f11c04bf59b5090d05b fixes the issue build src:tiff
+	NOTE: with ASAN with 5ed9fea523316c2f5cec4d393e4d5d671c2dbc33 reverted. Before the
+	NOTE: 2ea32f7372b65c24b2816f11c04bf59b5090d05b commit the Direct leak of 73 byte
+	NOTE: with backtrace following the methods in http://bugzilla.maptools.org/show_bug.cgi?id=2688
+	NOTE: is shown.
+	TODO: check, not able to reproducing the issue does not necessarly mean the issue is fixed, but the 'direct leak' via OJPEGReadHeaderInfoSecTables should be fixed by the three commits at latest in 4.0.8.
 CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...)
 	- tiff 4.0.8-1
 	- tiff3 <removed>