[Secure-testing-commits] r50204 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Thu Mar 30 17:01:50 UTC 2017
Author: hertzog
Date: 2017-03-30 17:01:50 +0000 (Thu, 30 Mar 2017)
New Revision: 50204
Modified:
data/CVE/list
Log:
More tiff3 CVE triage on wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-30 16:44:22 UTC (rev 50203)
+++ data/CVE/list 2017-03-30 17:01:50 UTC (rev 50204)
@@ -332,6 +332,7 @@
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
- tiff3 <removed>
+ [wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
@@ -339,6 +340,7 @@
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
- tiff3 <removed>
+ [wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
@@ -7246,6 +7248,7 @@
- tiff <unfixed> (bug #850316)
[wheezy] - tiff 4.0.2-6+deb7u7
- tiff3 <removed>
+ - tiff3 <not-affected> (Unreproducible, does not support BigTIFF files)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
NOTE: probably preemptively fixed in 4.0.2-6+deb7u7 wheezy upload, as test case doesn't trigger issue
NOTE: similar to CVE-2015-7554 and CVE-2016-5318
@@ -7267,6 +7270,7 @@
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
- tiff3 <removed>
+ [wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
CVE-2016-10091 [stack-based buffer overflows in cmd_* functions]
More information about the Secure-testing-commits
mailing list