[Secure-testing-commits] r50028 - data/CVE

Sat Mar 25 05:40:53 UTC 2017

Author: carnil
Date: 2017-03-25 05:40:52 +0000 (Sat, 25 Mar 2017)
New Revision: 50028

Modified:
   data/CVE/list
Log:
Add CVE-2016-10270/tiff

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-03-25 05:36:36 UTC (rev 50027)
+++ data/CVE/list	2017-03-25 05:40:52 UTC (rev 50028)
@@ -15,7 +15,13 @@
 CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a ...)
 	TODO: check
 CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	- tiff 4.0.7-2 (bug #846837)
+	[wheezy] - tiff 4.0.2-6+deb7u9
+	- tiff3 <removed>
+	[wheezy] - tiff3 <not-affected> (Unreproducible)
+	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
+	NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
+	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
 CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
 	- tiff 4.0.7-2
 	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
@@ -12025,13 +12031,6 @@
 	NOTE: can be used to verify a fix (which trigger the issue in unzip -l but crash
 	NOTE: in different areas of the unzip codebase)
 	NOTE: http://www.openwall.com/lists/oss-security/2014/11/03/5
-CVE-2016-XXXX [heap-based buffer overflow in TIFFFillStrip (tif_read.c)]
-	- tiff 4.0.7-2 (bug #846837)
-	[wheezy] - tiff 4.0.2-6+deb7u9
-	- tiff3 <removed>
-	[wheezy] - tiff3 <not-affected> (Unreproducible)
-	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
-	NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
 CVE-2016-XXXX [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing]
 	- tiff 4.0.7-2 (unimportant; bug #846838)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619


