[Git][security-tracker-team/security-tracker][master] 2 commits: Remove postponed tag from tiff issues.

Mon Jul 2 11:27:07 BST 2018

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9aa6568 by Markus Koschany at 2018-07-02T12:26:00+02:00
Remove postponed tag from tiff issues.

- - - - -
97dd4307 by Markus Koschany at 2018-07-02T12:26:58+02:00
Reserve DLA-1411-1 for tiff

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5375,7 +5375,6 @@ CVE-2018-10964
 CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF ...)
 	- tiff 4.0.9-6 (bug #898348)
 	[stretch] - tiff <no-dsa> (Minor issue)
-	[jessie] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2795
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
@@ -10517,7 +10516,6 @@ CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the func
 	{DLA-1378-1 DLA-1377-1}
 	- tiff 4.0.9-6 (bug #893806)
 	[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
-	[jessie] - tiff <postponed> (Can be fixed along in a future DSA)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
@@ -14364,7 +14362,6 @@ CVE-2018-7456 (A NULL Pointer Dereference occurs in the function TIFFPrintDirect
 	{DLA-1347-1 DLA-1346-1}
 	- tiff 4.0.9-5 (bug #891288)
 	[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
-	[jessie] - tiff <postponed> (Can be fixed along in a future DSA)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2778
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b
@@ -19798,7 +19795,6 @@ CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption i
 	{DLA-1391-1}
 	- tiff 4.0.9-4 (bug #890441)
 	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
-	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2772
@@ -52686,7 +52682,6 @@ CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in 
 	{DLA-1391-1}
 	- tiff 4.0.9-5 (low; bug #869823)
 	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
-	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f


=====================================
data/DLA/list
=====================================
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[02 Jul 2018] DLA-1411-1 tiff - security update
+	{CVE-2017-11613 CVE-2018-5784 CVE-2018-7456 CVE-2018-8905 CVE-2018-10963}
+	[jessie] - tiff 4.0.3-12.3+deb8u6
 [01 Jul 2018] DLA-1400-2 tomcat7 - regression update
 	[jessie] - tomcat7 7.0.56-3+really7.0.88-2
 [01 Jul 2018] DLA-1410-1 python-pysaml2 - security update


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -95,8 +95,6 @@ symfony
 --
 thunderbird (Emilio Pozuelo)
 --
-tiff (Markus Koschany)
---
 tiff3 (Holger Levsen)
 --
 tomcat8 (Roberto C. Sánchez)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8aa55be3be39c5535fa65ddeb6674c9064585986...97dd430766c40a5681b45af96f37a896f8a2f22d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8aa55be3be39c5535fa65ddeb6674c9064585986...97dd430766c40a5681b45af96f37a896f8a2f22d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180702/54e5f254/attachment-0001.html>
