[Secure-testing-commits] r50131 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Mar 28 14:34:22 UTC 2017
Author: hertzog
Date: 2017-03-28 14:34:22 +0000 (Tue, 28 Mar 2017)
New Revision: 50131
Modified:
data/CVE/list
Log:
Add a bunch of missing "tiff3" assignations
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-28 13:42:37 UTC (rev 50130)
+++ data/CVE/list 2017-03-28 14:34:22 UTC (rev 50131)
@@ -7084,6 +7084,7 @@
CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in ...)
- tiff <unfixed> (bug #850316)
[wheezy] - tiff 4.0.2-6+deb7u7
+ - tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
NOTE: probably preemptively fixed in 4.0.2-6+deb7u7 wheezy upload, as test case doesn't trigger issue
NOTE: similar to CVE-2015-7554 and CVE-2016-5318
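Review bot: the new `- tiff3 <removed>` line under CVE-2016-10095 has no NOTE saying whether tiff3 was checked, while the wheezy status for tiff just above it rests on "test case doesn't trigger issue". A one-line NOTE recording whether the same test case was tried against tiff3 would make the status auditable. The last NOTE calls this issue similar to CVE-2015-7554 and CVE-2016-5318, which are not part of this diff, so it is worth confirming that their tiff3 status matches.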
@@ -7091,16 +7092,19 @@
{DSA-3762-1}
- tiff 4.0.7-4
[wheezy] - tiff <not-affected> (vulnerable code introduced later)
+ - tiff3 <not-affected> (vulnerable code introduced later)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
+ - tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
CVE-2016-10092 (Heap-based buffer overflow in the readContigStripsIntoBuffer function ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
+ - tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
CVE-2016-10091 [stack-based buffer overflows in cmd_* functions]
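Review bot: under CVE-2016-10093 the added line is `- tiff3 <removed>`, but the description places the bug in tools/tiffcp.c, and the CVE-2016-9540 entry later in this same commit marks another tools/tiffcp.c issue as `- tiff3 <not-affected> (tiff3 not shipping tools)`. If tiff3 ships no tools, the same status and reason should apply here; if it differs, a NOTE explaining why would help. The CVE-2016-10092 description is truncated in the list, so the same check is worth doing for the line added there.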
@@ -19707,35 +19711,43 @@
CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-1
+ - tiff3 <not-affected> (tiff3 not shipping tools)
NOTE: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in ...)
- tiff 4.0.7-1 (unimportant)
+ - tiff3 <not-affected> (tiff3 not shipping tools)
NOTE: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
NOTE: Crash in CLI tool, no security impact
CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-1
+ - tiff3 <not-affected> (tiff3 not shipping tools)
NOTE: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-1
+ - tiff3 <not-affected> (tiff3 not shipping tools)
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-1
+ - tiff3 <not-affected> (tiff3 not shipping tools)
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that ...)
{DLA-795-1}
- tiff 4.0.7-1
+ - tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
NOTE: https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code path of ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-1
+ - tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-1
+ - tiff3 <removed>
NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
CVE-2016-9532 (Integer overflow in the writeBufferToSeparateStrips function in ...)
{DSA-3762-1 DLA-716-1}
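Review bot: the reason on the five `<not-affected>` lines added for CVE-2016-9540 through CVE-2016-9536 reads "tiff3 not shipping tools", while the tiff3 line added in the hunk just above CVE-2013-7455 says "libtiff-tools not shipped in tiff3". Use one wording for the same justification so all such entries can be found with a single search of the list.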
@@ -36101,6 +36113,7 @@
[wheezy] - tiff 4.0.2-6+deb7u4
NOTE: Fixed already with the patch applied in 4.0.3-12 in unstable for the
NOTE: CVE-2014-9330 issue.
+ - tiff3 <not-affected> (libtiff-tools not shipped in tiff3)
CVE-2013-7455 (Double free vulnerability in the DefaultICCintents function in ...)
- lcms2 2.6-1
[wheezy] - lcms2 <not-affected> (vulnerable code not present, no cmsPipelineFree(Lut); in Error:-part)
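Review bot: the added `- tiff3 <not-affected>` line sits after the two NOTE lines, whereas every other tiff3 line in this commit is placed directly under the tiff package lines and before the NOTEs. Move it up to follow `[wheezy] - tiff 4.0.2-6+deb7u4` so the package status lines of the entry stay together.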
@@ -43585,24 +43598,28 @@
CVE-2015-8783 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
{DSA-3467-1 DLA-405-1}
- tiff 4.0.6-1
+ - tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8782 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
{DSA-3467-1 DLA-405-1}
- tiff 4.0.6-1
+ - tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8781 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
{DSA-3467-1 DLA-405-1}
- tiff 4.0.6-1
+ - tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8784 (The NeXTDecode function in tif_next.c in LibTIFF allows remote ...)
{DSA-3467-1 DLA-405-1}
- tiff 4.0.6-1
+ - tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2508
NOTE: Can be reproduced with tiff compiled with AddressSanitizer
NOTE: and the same reproducer file http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
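Review bot: for CVE-2015-8784 the existing NOTEs name a reproducer file and say the issue shows up with tiff built under AddressSanitizer, yet the added `- tiff3 <removed>` line does not say whether that reproducer was run against tiff3. Adding a NOTE with the result would document the basis for the status. The three tif_luv.c entries above it (CVE-2015-8783, CVE-2015-8782, CVE-2015-8781) share the same bug report and commit, so a single check covers all three and is worth recording once.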