[Secure-testing-commits] r52947 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Jun 27 12:31:10 UTC 2017


Author: carnil
Date: 2017-06-27 12:31:10 +0000 (Tue, 27 Jun 2017)
New Revision: 52947

Modified:
   data/CVE/list
Log:
Add bug report for CVE-2017-9935/tiff, #866109

Remove Note about unreproducibility. Both 4.0.8-2 and as well testing
against

2017-06-26  Even Rouault <even.rouault at spatialys.com>

        * libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
        Reported by team OWL337

exercises the problem with all four provided reproducers.

Older versions have not been checked source-wise for the issue.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-27 11:29:19 UTC (rev 52946)
+++ data/CVE/list	2017-06-27 12:31:10 UTC (rev 52947)
@@ -102,10 +102,9 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
 CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
-	- tiff <unfixed>
+	- tiff <unfixed> (bug #866109)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
-	NOTE: Could not reproduce with the latest CVS version
 CVE-2017-9934
 	RESERVED
 CVE-2017-9933
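Review bot: removing the "Could not reproduce with the latest CVS version" NOTE under CVE-2017-9935 leaves the entry with no record of what was actually tested. The commit log states that 4.0.8-2 and upstream as of the 2017-06-26 tif_jbig.c change both exercise the problem with all four reproducers, and that older versions have not been checked source-wise. Consider adding a NOTE line with that status next to the bugzilla link, so the information is kept in data/CVE/list and not only in the log message.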



