[Git][security-tracker-team/security-tracker][master] tiff triage

Thu Nov 29 22:11:06 GMT 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c89e95d by Moritz Muehlenhoff at 2018-11-29T22:10:40Z
tiff triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4162,7 +4162,7 @@ CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function
 	NOTE: Duplicate of CVE-2018-10754
 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the ...)
 	- tiff <unfixed> (bug #913675)
-	[stretch] - tiff <no-dsa> (Minor issue)
+	[stretch] - tiff <postponed> (Minor issue, revisit when fixed upstream)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2820
 CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the ...)
@@ -5453,10 +5453,11 @@ CVE-2018-18662 (There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700043
 	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356
 CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer ...)
-	- tiff 4.0.10-1 (bug #912012)
-	- tiff3 <removed>
+	- tiff 4.0.10-1 (unimportant; bug #912012)
+	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2819
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f
+	NOTE: No security impact, crash in CLI tool
 CVE-2018-18660 (An issue was discovered in Arcserve Unified Data Protection (UDP) ...)
 	NOT-FOR-US: Arcserve Unified Data Protection
 CVE-2018-18659 (An issue was discovered in Arcserve Unified Data Protection (UDP) ...)
@@ -9380,13 +9381,14 @@ CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-b
 	- tiff 4.0.9+git181026-1 (bug #909037)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2807
-	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577
+	NOTE: https://gitlab.com/libtiff/libtiff/commit/f1b94e8a3ba49febdd3361c0214a1d1149251577
 CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
 	{DLA-1557-1}
 	- tiff 4.0.9+git181026-1 (bug #909038)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
+	NOTE: https://gitlab.com/libtiff/libtiff/commit/6da1fb3f64d43be37e640efbec60400d1f1ac39e
 CVE-2018-17099
 	RESERVED
 CVE-2018-17098 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...)
@@ -11374,7 +11376,6 @@ CVE-2018-16336 (Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows r
 	NOTE: https://github.com/Exiv2/exiv2/commit/35b3e596edacd2437c2c5d3dd2b5c9502626163d
 CVE-2018-16335 (newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c ...)
 	- tiff 4.0.9-5 (bug #907795)
-	[stretch] - tiff <postponed> (Can be fixed along in future DSA)
 	[jessie] - tiff 4.0.3-12.3+deb8u6
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2809
@@ -14135,7 +14136,6 @@ CVE-2018-15210
 	RESERVED
 CVE-2018-15209 (ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows ...)
 	- tiff 4.0.9-5 (bug #905798)
-	[stretch] - tiff <postponed> (Can be fixed along in future DSA)
 	[jessie] - tiff <not-affected> (Cannot reproduce with crash file)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2808
@@ -30705,7 +30705,6 @@ CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...)
 CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...)
 	{DLA-1411-1 DLA-1378-1 DLA-1377-1}
 	- tiff 4.0.9-6 (bug #893806)
-	[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
@@ -34629,7 +34628,6 @@ CVE-2018-7457
 CVE-2018-7456 (A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in ...)
 	{DLA-1411-1 DLA-1347-1 DLA-1346-1}
 	- tiff 4.0.9-5 (bug #891288)
-	[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2778
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b
@@ -40181,7 +40179,6 @@ CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an ...)
 CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the ...)
 	{DLA-1411-1 DLA-1391-1}
 	- tiff 4.0.9-4 (bug #890441)
-	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2772
@@ -41362,15 +41359,12 @@ CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
 CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
 	NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...)
-	- tiff <unfixed>
-	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
-	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
-	[wheezy] - tiff <postponed> (Minor issue, revisit once fixed upstream)
-	- tiff3 <removed>
+	- tiff <undetermined>
+	- tiff3 <undetermined>
 	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
-	TODO: claimed to be fixed in latest libtiff, but no idication yet which changes adresses the issue
+	NOTE: Claimed to be fixed in latest libtiff, but no indication yet which changes adresses the issue
 CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be ...)
 	NOT-FOR-US: Flexense SysGauge
 CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
@@ -55264,6 +55258,7 @@ CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attack
 	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
 	NOTE: Crash in CLI tool not treated as a security issue
+	NOTE: https://gitlab.com/libtiff/libtiff/commit/9171da596c88e6a2dadcab4a3a89dddd6e1b4655
 CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected ...)
 	NOT-FOR-US: SyncBreeze
 CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...)
@@ -73675,7 +73670,6 @@ CVE-2017-11614 (MEDHOST Connex contains hard-coded credentials that are used for
 CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in the ...)
 	{DLA-1411-1 DLA-1391-1}
 	- tiff 4.0.9-5 (low; bug #869823)
-	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
 	- tiff3 <removed>
 	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c89e95d443eba4b9c22e629bea192170573b742

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c89e95d443eba4b9c22e629bea192170573b742
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181129/1e2cb847/attachment-0001.html>
