[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-5360/tiff added

Salvatore Bonaccorso carnil at debian.org
Sun Jan 14 09:45:35 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5fd48f6a by Salvatore Bonaccorso at 2018-01-14T10:44:00+01:00
CVE-2018-5360/tiff added

Note that the issue is claimed to be fixed in a later/latest version of
libtiff. But the reporter does not provide any more information than:

> Thanks for your reply.
> We have checked the issue carefully and found it is a bug in libtiff,
> which got fixed in the latest version of libtiff.
> Thanks again.

Cf. https://sourceforge.net/p/graphicsmagick/bugs/540/#19db/0e4d/5217/a555

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -716,7 +716,11 @@ CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
 CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
 	NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...)
-	TODO: check
+	- tiff <unfixed>
+	- tiff3 <removed>
+	NOTE: Isue demostrated in tiff via a vector through graphicsmagick, cf.
+	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
+	TODO: claimed to be fixed in latest libtiff, but no idication yet which changes adresses the issue
 CVE-2018-5359
 	RESERVED
 CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
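
Review bot: The added NOTE and TODO lines under CVE-2018-5360 carry typos ("Isue demostrated", "idication", "which changes adresses") that make the entry harder to search; suggest "Issue demonstrated", "indication" and "which change addresses the issue". The context line's description reads "LibTIFF before 4.0.6" while the entry records "- tiff <unfixed>". The TODO explains the reason, but a NOTE stating that the 4.0.6 bound in the description is unverified would keep the apparent contradiction from being read as an oversight. The NOTE URL points at the bug as a whole, whereas the commit message cites the specific comment (#19db/0e4d/5217/a555) containing the reporter's claim; linking that comment here would make the basis for the TODO easier to recheck.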



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5fd48f6a4ed6b5980acf38fa5d2161545815971a
