[Secure-testing-commits] r51789 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun May 21 04:17:02 UTC 2017
Author: carnil
Date: 2017-05-21 04:17:02 +0000 (Sun, 21 May 2017)
New Revision: 51789
Modified:
data/CVE/list
Log:
Two CVEs (CVE-2016-10371 and CVE-2015-7554) fixed in tiff upload, #809066, #842043, #862929
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-21 04:15:21 UTC (rev 51788)
+++ data/CVE/list 2017-05-21 04:17:02 UTC (rev 51789)
@@ -600,7 +600,7 @@
CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and ...)
NOT-FOR-US: Veritas NetBackup
CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
- - tiff <unfixed> (low; bug #862929)
+ - tiff 4.0.7-7 (low; bug #862929)
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
[wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later)
@@ -58902,7 +58902,7 @@
NOTE: Upstream fix http://sourceforge.net/p/giflib/code/ci/179510be300bf11115e37528d79619b53c884a63
CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows ...)
{DLA-693-1 DLA-692-1}
- - tiff <unfixed> (bug #809066; bug #842043; bug #850316)
+ - tiff 4.0.7-7 (bug #809066; bug #842043; bug #850316)
- tiff3 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2015/12/26/7
NOTE: SUSE seem to have a fix (disputed): https://bugzilla.novell.com/show_bug.cgi?id=960341
More information about the Secure-testing-commits
mailing list