[Secure-testing-commits] r51552 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Thu May 11 20:50:41 UTC 2017
Author: apo
Date: 2017-05-11 20:50:41 +0000 (Thu, 11 May 2017)
New Revision: 51552
Modified:
data/CVE/list
Log:
CVE-2016-10371,tiff,tiff3: Mark tiff3 no-dsa in Wheezy
tiff3: tools are not built but could be fixed later when more serious issues
arise. Add link to fixing commit.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-11 19:36:59 UTC (rev 51551)
+++ data/CVE/list 2017-05-11 20:50:41 UTC (rev 51552)
@@ -85,8 +85,10 @@
CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
- tiff <unfixed>
- tiff3 <removed>
+ [wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612
+ NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
CVE-2017-1000044 [Incorrect boundaries check when updating framebuffer]
- gtk-vnc 0.4.3-1
NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3)
More information about the Secure-testing-commits
mailing list