[Git][security-tracker-team/security-tracker][master] Cleanup CVE-2016-5320 and CVE-2016-5875

Salvatore Bonaccorso carnil at debian.org
Sat May 5 08:04:17 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b05d881 by Salvatore Bonaccorso at 2018-05-05T09:01:01+02:00
Cleanup CVE-2016-5320 and CVE-2016-5875

Cleanup CVE-2016-5320 and CVE-2016-5875 as they were now properly
rejected as reservation duplicates of the CVE-2016-5314. All is covered
already in CVE-2016-5314.

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -91917,17 +91917,8 @@ CVE-2016-6128 (The gdImageCropThreshold function in gd_crop.c in the GD Graphics
 CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery ...)
 	- owncloud <removed>
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-010
-CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog compression format]
+CVE-2016-5875
 	REJECTED
-	{DSA-3762-1 DLA-610-1 DLA-606-1}
-	- tiff 4.0.6-2 (bug #830700)
-	- tiff3 <removed>
-	NOTE: Upstream fix: https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
-	NOTE: Duplicate with CVE-2016-5320 and CVE-2016-5314, cf.
-	NOTE: https://marc.info/?l=oss-security&m=146726894625359&w=2
-	NOTE: but is not yet REJECTED by MITRE.
-	NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-5875.tif
-	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0205/
 CVE-2016-5874 (Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers ...)
 	NOT-FOR-US: Siemens
 CVE-2016-5872 (In all Qualcomm products with Android releases from CAF using the ...)
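Review bot: after this hunk the CVE-2016-5875 entry is only the ID and REJECTED, with nothing pointing at CVE-2016-5314, which the removed NOTE lines and the commit message name as the ID that covers it. Consider leaving a single NOTE naming CVE-2016-5314 so a reader who arrives via the old ID can find the live entry. The removed lines also held the upstream fix commit, the reproducer URL and the TALOS-2016-0205 link; the CVE-2016-5314 entry is not part of this diff, so please confirm those references are recorded there before they are dropped here.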
@@ -93781,12 +93772,8 @@ CVE-2016-5321 (The DumpModeDecode function in libtiff 4.0.6 and earlier allows .
 	NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558
 	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
-CVE-2016-5320 [rgb2ycbcr: command excution]
+CVE-2016-5320
 	REJECTED
-	{DSA-3762-1 DLA-610-1 DLA-606-1}
-	- tiff 4.0.6-2 (bug #830700)
-	- tiff3 <removed>
-	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1
 CVE-2016-5317 (Buffer overflow in the PixarLogDecode function in libtiff.so in the ...)
 	{DSA-3762-1 DLA-610-1 DLA-606-1}
 	- tiff 4.0.6-2 (bug #830700)
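Review bot: the removed CVE-2016-5320 entry had its own title (rgb2ycbcr) and its own reference (maptools bug 2554, comment 1), both different from the CVE-2016-5875 entry removed in the previous hunk, so "all is covered already in CVE-2016-5314" should be checked for this ID separately: make sure bug 2554 is referenced from the CVE-2016-5314 entry, which this diff does not show. The package lines dropped here, tiff 4.0.6-2 (bug #830700) and tiff3 <removed>, match those on the neighbouring CVE-2016-5317 context lines, so the fixed-version data looks shared across the group rather than specific to this ID.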


=====================================
data/DLA/list
=====================================
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -2308,7 +2308,7 @@
 	{CVE-2016-5725}
 	[wheezy] - jsch 0.1.42-2+deb7u1
 [04 Sep 2016] DLA-610-1 tiff3 - security update
-	{CVE-2016-6223 CVE-2010-2596 CVE-2013-1961 CVE-2014-8128 CVE-2014-8129 CVE-2014-9655 CVE-2015-1547 CVE-2015-8665 CVE-2015-8683 CVE-2016-3186 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5875}
+	{CVE-2016-6223 CVE-2010-2596 CVE-2013-1961 CVE-2014-8128 CVE-2014-8129 CVE-2014-9655 CVE-2015-1547 CVE-2015-8665 CVE-2015-8683 CVE-2016-3186 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323}
 	[wheezy] - tiff3 3.9.6-11+deb7u1
 [02 Sep 2016] DLA-609-1 linux - security update
 	{CVE-2016-3857 CVE-2016-4470 CVE-2016-5696 CVE-2016-5829 CVE-2016-6136 CVE-2016-6480 CVE-2016-6828 CVE-2016-7118}
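Review bot: DLA-610-1 is dated 04 Sep 2016, so this edit changes the recorded CVE set of an advisory that was issued long before the rejection, and the commit message only talks about the CVE entries. A sentence in the message saying that the DLA and DSA lists were adjusted to match would help anyone later comparing the tracker with the original announcement. Comparing the old and new lines ID by ID, only CVE-2016-5320 and CVE-2016-5875 are dropped and CVE-2016-5314 stays, so coverage of the underlying issue is unchanged.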
@@ -2322,7 +2322,7 @@
 	{CVE-2016-1242}
 	[wheezy] - tryton-server 2.2.4-1+deb7u3
 [30 Aug 2016] DLA-606-1 tiff - security update
-	{CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5875}
+	{CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323}
 	[wheezy] - tiff 4.0.2-6+deb7u6
 [29 Aug 2016] DLA-605-1 eog - security update
 	{CVE-2016-6855}


=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1509,7 +1509,7 @@
 	{CVE-2016-7068}
 	[jessie] - pdns-recursor 3.6.2-2+deb8u3
 [13 Jan 2017] DSA-3762-1 tiff - security update
-	{CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10271 CVE-2016-10272}
+	{CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10271 CVE-2016-10272}
 	[jessie] - tiff 4.0.3-12.3+deb8u2
 [13 Jan 2017] DSA-3761-1 rabbitmq-server - security update
 	{CVE-2016-9877}
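Review bot: nothing in the patch shows that DSA-3762-1, DLA-610-1 and DLA-606-1 are the only advisories that list the two rejected IDs; the evidence is the removed cross-reference line {DSA-3762-1 DLA-610-1 DLA-606-1} in data/CVE/list, and all three are updated here. Before merging I would search the data directory for CVE-2016-5320 and CVE-2016-5875 to confirm no other reference remains. On the DSA-3762-1 line itself, the old and new lists differ only by those two IDs, and the [jessie] fixed version is untouched.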



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b05d881f4aefbe868b86700758c01651e9c176f
