[Git][security-tracker-team/security-tracker][master] Add CVE-2018-5360/tiff fixed version in stretch and onwards
László Böszörményi
gcs at debian.org
Sat Mar 23 18:32:11 GMT 2019
László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f92ce49e by Laszlo Boszormenyi (GCS) at 2019-03-23T18:30:21Z
Add CVE-2018-5360/tiff fixed version in stretch and onwards
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -64722,7 +64722,7 @@ CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_
CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options. ...)
NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstr ...)
- - tiff <undetermined>
+ - tiff 4.0.6-3
- tiff3 <undetermined>
[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
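Review bot: the new `- tiff 4.0.6-3` line records a Debian revision, but neither the entry nor the commit message says how that version was determined. The CVE description reads "before 4.0.6" and the entry's own notes place the upstream fix in 4.0.7, so a reader cannot tell from the entry why a 4.0.6 upload counts as fixed. Please add a NOTE naming the evidence (for example the changelog entry or the patch file in that upload). The adjacent `- tiff3 <undetermined>` line is left as it was; if that is intentional, it is worth saying so in the commit message.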
@@ -64730,7 +64730,6 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as dem
NOTE: Same issue as http://bugzilla.maptools.org/show_bug.cgi?id=2500 (CVE-2014-8127)
NOTE: fixed as per 2016-10-25 (first release to ship the patch seems to be 4.0.7)
NOTE: https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159
- NOTE: TODO check which exact Debian release contained the fix at first
CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be e ...)
NOT-FOR-US: Flexense SysGauge
CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
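Review bot: deleting the TODO at the end of the NOTE block leaves "first release to ship the patch seems to be 4.0.7" standing beside a fixed version of 4.0.6-3, with nothing explaining the gap. Rather than only removing the line, replace it with a NOTE that answers the TODO, stating that the referenced upstream commit was first included in the Debian 4.0.6-3 upload, if that is the finding. The result of the check then stays in the entry.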
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f92ce49e5177e301f5492795b009b8ecd242a644