[Git][security-tracker-team/security-tracker][master] Add CVE-2018-18557/tiff

Mon Oct 22 21:22:03 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ccfb27c by Salvatore Bonaccorso at 2018-10-22T20:21:37Z
Add CVE-2018-18557/tiff

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,10 @@ CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due
 CVE-2018-18558
 	RESERVED
 CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a ...)
-	TODO: check
+	- tiff <unfixed>
+	- tiff3 <removed>
+	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/38
+	NOTE: https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66
 CVE-2018-XXXX [out of bounds memory read in MED files]
 	- libopenmpt 0.3.13-1 (bug #911584)
 	NOTE: https://lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ccfb27c7d9b0f9e8bda5e240f8c884afd2d1a2b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ccfb27c7d9b0f9e8bda5e240f8c884afd2d1a2b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181022/884f0ad4/attachment.html>
