[Git][security-tracker-team/security-tracker][master] Track fixes for four CVEs for tiff via unstable upload (4.0.10-4)

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e4066151 by Salvatore Bonaccorso at 2019-02-02T22:10:48Z
Track fixes for four CVEs for tiff via unstable upload (4.0.10-4)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2792,7 +2792,7 @@ CVE-2019-6129 (png_create_info_struct in png.c in libpng 1.6.36 has a memory lea
 	NOTE: https://github.com/glennrp/libpng/issues/269
 	NOTE: Memory leak in CLI tool, no security impact
 CVE-2019-6128 (The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory ...)
-	- tiff <unfixed> (bug #921157; unimportant)
+	- tiff 4.0.10-4 (bug #921157; unimportant)
 	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2836
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971
@@ -19441,7 +19441,7 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by ...)
 CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function ...)
 	NOTE: Duplicate of CVE-2018-10754
 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the ...)
-	- tiff <unfixed> (bug #913675)
+	- tiff 4.0.10-4 (bug #913675)
 	[stretch] - tiff <postponed> (Minor issue, revisit when fixed upstream)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2820
@@ -25061,7 +25061,7 @@ CVE-2018-17002 (On the RICOH MP 2001 printer, HTML Injection and Stored XSS ...)
 CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS ...)
 	NOT-FOR-US: RICOH
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ...)
-	- tiff <unfixed> (bug #908778)
+	- tiff 4.0.10-4 (bug #908778)
 	[stretch] - tiff <postponed> (Minor issue)
 	- tiff3 <removed>
 	[jessie] - tiff <postponed> (Can be fixed along in future DLA)
@@ -35437,7 +35437,7 @@ CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search
 CVE-2018-12901 (A vulnerability in the conferencing component of Mitel ST 14.2, ...)
 	NOT-FOR-US: Mitel
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
-	- tiff <unfixed> (bug #902718)
+	- tiff 4.0.10-4 (bug #902718)
 	[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)
 	[jessie] - tiff <postponed> (Minor issue, can be fixed along in future DLA)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e4066151a5fa42669e915bd97dff9b47a4bf8a64

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e4066151a5fa42669e915bd97dff9b47a4bf8a64
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190202/e93a8f5b/attachment.html>