[Git][security-tracker-team/security-tracker][master] Add CVE-2017-16232 and CVE-2018-{17100, 17101, 18557}/tiff fixed version in unstable

László Böszörményi gcs at debian.org
Sun Oct 28 15:13:25 GMT 2018


László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a5fc472 by Laszlo Boszormenyi (GCS) at 2018-10-28T15:11:40Z
Add CVE-2017-16232 and CVE-2018-{17100,17101,18557}/tiff fixed version in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -447,7 +447,7 @@ CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due
 CVE-2018-18558
 	RESERVED
 CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a ...)
-	- tiff <unfixed> (bug #911635)
+	- tiff 4.0.9+git181026-1 (bug #911635)
 	- tiff3 <removed>
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/38
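Review bot: The NOTE for CVE-2018-18557 links merge request 38 without a commit id, so the new fixed version 4.0.9+git181026-1 cannot be checked against a specific upstream change from this entry alone. Add the merged commit to the NOTE, in the same `?commit_id=` form the CVE-2018-17100 and CVE-2018-17101 entries use.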
@@ -4006,12 +4006,12 @@ CVE-2018-17103 (** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13.
 CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through ...)
 	NOT-FOR-US: QuickAppsCMS
 CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds ...)
-	- tiff <unfixed> (bug #909037)
+	- tiff 4.0.9+git181026-1 (bug #909037)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2807
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577
 CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
-	- tiff <unfixed> (bug #909038)
+	- tiff 4.0.9+git181026-1 (bug #909038)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
@@ -53901,7 +53901,7 @@ CVE-2015-9245 (Insecure default configuration in Progress Software OpenEdge 10.2
 	NOT-FOR-US: Progress Software OpenEdge
 CVE-2017-16232 [memory-based DoS in tiff2bw]
 	RESERVED
-	- tiff <unfixed> (unimportant)
+	- tiff 4.0.9-1 (unimportant)
 	NOTE: http://seclists.org/oss-sec/2017/q4/168
 CVE-2017-16231 [match() stack overflow]
 	RESERVED
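Review bot: CVE-2017-16232 is marked fixed in 4.0.9-1, which sorts before the 4.0.9+git181026-1 recorded for the other three CVEs in this commit, and the entry has neither a bug number nor a NOTE naming the fix; its only reference is the oss-sec post. Add a NOTE pointing at the upstream change or changelog entry that justifies 4.0.9-1, so the version can be verified later.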



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a5fc4724c3aa935cf30a92aaacbb294e02e0e04
