[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: tiff/tiff3 CVE triage

Roberto C. Sánchez roberto at debian.org
Sat Jan 27 19:23:53 UTC 2018


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a4b562d by Roberto C. Sánchez at 2018-01-27T14:22:26-05:00
LTS: tiff/tiff3 CVE triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1388,7 +1388,9 @@ CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption i
 	- tiff <unfixed>
 	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
+	[wheezy] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
+	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2772
 CVE-2018-5783 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the ...)
 	- libpodofo <unfixed>
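Review bot: The added `[wheezy] - tiff3 <postponed>` line reuses the reason from the tiff lines, but the CVE text is scoped to LibTIFF 4.0.9 and nothing in this entry records that the tiff3 source was checked for the affected code. A short NOTE stating that tiff3 in wheezy was confirmed to contain the vulnerable code would show whoever revisits the entry that the postponed status rests on a check and not on the tiff line above it.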
@@ -2427,7 +2429,9 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...
 	- tiff <unfixed>
 	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
+	[wheezy] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
+	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
 	TODO: claimed to be fixed in latest libtiff, but no idication yet which changes adresses the issue
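Review bot: On the two added wheezy lines, the reason "revisit once fixed upstream" does not fit the rest of this entry: the description limits the issue to LibTIFF before 4.0.6, and the TODO says it is claimed to be fixed in latest libtiff with the fixing change not yet identified. Consider wording the wheezy reason around the open item, for example "revisit once the fixing commit is identified", so the condition for picking this up again matches what is actually missing.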
@@ -6621,7 +6625,9 @@ CVE-2017-17942 (In LibTIFF 4.0.9, there is a heap-based buffer over-read in the 
 	- tiff <unfixed> (bug #885579)
 	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
+	[wheezy] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
+	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2767
 CVE-2017-17941 (PHP Scripts Mall Single Theater Booking has SQL Injection via the ...)
 	NOT-FOR-US: PHP Scripts Mall Single Theater Booking
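Review bot: The added wheezy lines mark a heap-based buffer over-read as "Minor issue" without recording why it is minor for wheezy. The only reference in the entry is the upstream bug URL, so a one-line NOTE stating what limits the impact would make the postponed decision reviewable later without rereading the upstream report.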
@@ -32731,7 +32737,9 @@ CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in 
 	- tiff <unfixed> (low; bug #869823)
 	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
+	[wheezy] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
+	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2724
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475530
@@ -36272,9 +36280,9 @@ CVE-2017-9816 (Cross-site scripting (XSS) vulnerability in Paessler PRTG Network
 CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in ...)
 	- tiff 4.0.8-1
 	[jessie] - tiff <ignored> (Minor issue)
-	[wheezy] - tiff <no-dsa> (Minor issue)
+	[wheezy] - tiff <ignored> (Minor issue)
 	- tiff3 <removed>
-	[wheezy] - tiff3 <no-dsa> (Minor issue)
+	[wheezy] - tiff3 <ignored> (Minor issue)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2682
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
 	NOTE: The issue is addressed with the same commit as for CVE-2017-9403
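Review bot: Changing both wheezy lines from `<no-dsa>` to `<ignored>` closes the issue for wheezy, yet the reason stays "Minor issue" while the entry already names a fixing commit and says it is shared with CVE-2017-9403. Please state in the parenthetical why the known fix will not be backported, and check that the wheezy status of CVE-2017-9403 agrees, since one commit addresses both. The commit message says only "CVE triage", so this reclassification is otherwise undocumented.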



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a4b562d322879e33b760d7fa018bed4fad7570c
