[Secure-testing-commits] r52936 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Jun 27 04:36:25 UTC 2017


Author: carnil
Date: 2017-06-27 04:36:24 +0000 (Tue, 27 Jun 2017)
New Revision: 52936

Modified:
   data/CVE/list
Log:
Add CVE-2017-9936/tiff

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-27 04:36:14 UTC (rev 52935)
+++ data/CVE/list	2017-06-27 04:36:24 UTC (rev 52936)
@@ -37,7 +37,10 @@
 	NOTE: to see this as an issue in libjbig itself.
 	TODO: wait for futher development on upstream
 CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
-	TODO: check
+	- tiff <unfixed>
+	- tiff3 <removed>
+	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
+	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
 CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
 	TODO: check
 CVE-2017-9934




More information about the Secure-testing-commits mailing list