[Secure-testing-commits] r50029 - in data: CVE DLA DSA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Mar 25 05:46:58 UTC 2017
Author: carnil
Date: 2017-03-25 05:46:58 +0000 (Sat, 25 Mar 2017)
New Revision: 50029
Modified:
data/CVE/list
data/DLA/list
data/DSA/list
Log:
Add CVE-2016-10271/tiff
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-25 05:40:52 UTC (rev 50028)
+++ data/CVE/list 2017-03-25 05:46:58 UTC (rev 50029)
@@ -13,7 +13,11 @@
CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
TODO: check
CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a ...)
- TODO: check
+ - tiff 4.0.7-2
+ NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
+ NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
+ NOTE: Duplicate assignment of CVE-2016-10092
CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
- tiff 4.0.7-2 (bug #846837)
[wheezy] - tiff 4.0.2-6+deb7u9
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2017-03-25 05:40:52 UTC (rev 50028)
+++ data/DLA/list 2017-03-25 05:46:58 UTC (rev 50029)
@@ -237,7 +237,7 @@
{CVE-2016-10151 CVE-2016-10152}
[wheezy] - hesiod 3.0.2-21+deb7u1
[23 Jan 2017] DLA-795-1 tiff - security update
- {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2017-5225}
+ {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10271 CVE-2017-5225}
[wheezy] - tiff 4.0.2-6+deb7u9
[22 Jan 2017] DLA-794-1 groovy - security update
{CVE-2016-6814}
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2017-03-25 05:40:52 UTC (rev 50028)
+++ data/DSA/list 2017-03-25 05:46:58 UTC (rev 50029)
@@ -176,7 +176,7 @@
{CVE-2016-7068}
[jessie] - pdns-recursor 3.6.2-2+deb8u3
[13 Jan 2017] DSA-3762-1 tiff - security update
- {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094}
+ {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10271}
[jessie] - tiff 4.0.3-12.3+deb8u2
[13 Jan 2017] DSA-3761-1 rabbitmq-server - security update
{CVE-2016-9877}
More information about the Secure-testing-commits
mailing list