[Secure-testing-commits] r52935 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jun 27 04:36:14 UTC 2017
Author: carnil
Date: 2017-06-27 04:36:14 +0000 (Tue, 27 Jun 2017)
New Revision: 52935
Modified:
data/CVE/list
Log:
Add CVE-2017-9937, originally assigned for tiff, but cf. upstream bug
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-27 04:36:04 UTC (rev 52934)
+++ data/CVE/list 2017-06-27 04:36:14 UTC (rev 52935)
@@ -31,7 +31,11 @@
CVE-2017-9938
RESERVED
CVE-2017-9937 (In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A ...)
- TODO: check
+ - jbigkit <undetermined>
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2707
+ NOTE: The CVE was assigned for src:tiff by MITRE, but upstream author tends
+ NOTE: to see this as an issue in libjbig itself.
+ TODO: wait for futher development on upstream
CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
TODO: check
CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
More information about the Secure-testing-commits
mailing list