[Secure-testing-commits] r50204 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Thu Mar 30 17:01:50 UTC 2017


Author: hertzog
Date: 2017-03-30 17:01:50 +0000 (Thu, 30 Mar 2017)
New Revision: 50204

Modified:
   data/CVE/list
Log:
More tiff3 CVE triage on wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-30 16:44:22 UTC (rev 50203)
+++ data/CVE/list	2017-03-30 17:01:50 UTC (rev 50204)
@@ -332,6 +332,7 @@
 	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-2
 	- tiff3 <removed>
+	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
 	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
 	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
@@ -339,6 +340,7 @@
 	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-2
 	- tiff3 <removed>
+	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
 	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
 	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
@@ -7246,6 +7248,7 @@
 	- tiff <unfixed> (bug #850316)
 	[wheezy] - tiff 4.0.2-6+deb7u7
 	- tiff3 <removed>
+	- tiff3 <not-affected> (Unreproducible, does not support BigTIFF files)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
 	NOTE: probably preemptively fixed in 4.0.2-6+deb7u7 wheezy upload, as test case doesn't trigger issue
 	NOTE: similar to CVE-2015-7554 and CVE-2016-5318
@@ -7267,6 +7270,7 @@
 	{DSA-3762-1 DLA-795-1}
 	- tiff 4.0.7-2
 	- tiff3 <removed>
+	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
 CVE-2016-10091 [stack-based buffer overflows in cmd_* functions]




More information about the Secure-testing-commits mailing list