[Secure-testing-commits] r50032 - in data: CVE DLA DSA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Mar 25 05:57:29 UTC 2017
Author: carnil
Date: 2017-03-25 05:57:29 +0000 (Sat, 25 Mar 2017)
New Revision: 50032
Modified:
data/CVE/list
data/DLA/list
data/DSA/list
Log:
Add CVE-2016-10272/tiff
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-25 05:54:50 UTC (rev 50031)
+++ data/CVE/list 2017-03-25 05:57:29 UTC (rev 50032)
@@ -11,7 +11,10 @@
CVE-2017-7255 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
NOT-FOR-US: CMS Made Simple
CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
- TODO: check
+ - tiff 4.0.7-2
+ NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
+ NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a ...)
- tiff 4.0.7-2
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
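Review bot: the three NOTE lines added under CVE-2016-10272 list a blog post, an upstream commit and a bug report without saying what role each plays, so anyone checking a backport has to open all three to find the fix. If the commit at "NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a" is the fixing commit, label it as such on that line. The blog URL is the same one already recorded for CVE-2016-10271 just below, so a short remark on how the two issues relate (same upstream fix or separate ones) would also explain why both resolve at tiff 4.0.7-2.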
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2017-03-25 05:54:50 UTC (rev 50031)
+++ data/DLA/list 2017-03-25 05:57:29 UTC (rev 50032)
@@ -237,7 +237,7 @@
{CVE-2016-10151 CVE-2016-10152}
[wheezy] - hesiod 3.0.2-21+deb7u1
[23 Jan 2017] DLA-795-1 tiff - security update
- {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10271 CVE-2017-5225}
+ {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10271 CVE-2016-10272 CVE-2017-5225}
[wheezy] - tiff 4.0.2-6+deb7u9
[22 Jan 2017] DLA-794-1 groovy - security update
{CVE-2016-6814}
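Review bot: this hunk adds CVE-2016-10272 to DLA-795-1, dated 23 Jan 2017, while leaving "[wheezy] - tiff 4.0.2-6+deb7u9" unchanged, so it asserts that an upload made two months earlier already fixed the issue. Neither the log message ("Add CVE-2016-10272/tiff") nor the hunk records how that was established. Mention in the commit log or in a NOTE on the CVE entry which patch in 4.0.2-6+deb7u9 covers it, so the retroactive claim can be checked against the package.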
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2017-03-25 05:54:50 UTC (rev 50031)
+++ data/DSA/list 2017-03-25 05:57:29 UTC (rev 50032)
@@ -176,7 +176,7 @@
{CVE-2016-7068}
[jessie] - pdns-recursor 3.6.2-2+deb8u3
[13 Jan 2017] DSA-3762-1 tiff - security update
- {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10271}
+ {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10271 CVE-2016-10272}
[jessie] - tiff 4.0.3-12.3+deb8u2
[13 Jan 2017] DSA-3761-1 rabbitmq-server - security update
{CVE-2016-9877}
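Review bot: as in the DLA hunk, the CVE set of DSA-3762-1 (13 Jan 2017) gains CVE-2016-10272 with "[jessie] - tiff 4.0.3-12.3+deb8u2" left as is, and the log message does not say that a released advisory entry is being amended. Say so in the log, and state the basis for treating 4.0.3-12.3+deb8u2 as fixed. If the published advisory text enumerates its CVEs, it will no longer match this list, which is worth noting for whoever maintains that text.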