[Git][security-tracker-team/security-tracker][master] Remove several no-dsa tags from stretch's tiff entries

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e58c6a6 by Salvatore Bonaccorso at 2020-04-24T21:09:22+02:00
Remove several no-dsa tags from stretch's tiff entries

Fixes for those CVEs will be included in a planned update.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43113,7 +43113,6 @@ CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-plat
 CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)
 	{DSA-4608-1 DLA-1897-1}
 	- tiff 4.0.10+git190814-1 (low; bug #934780)
-	[stretch] - tiff <no-dsa> (Minor issue)
 	- tiff3 <removed>
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/90
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
@@ -66094,7 +66093,6 @@ CVE-2019-7664 (In elfutils 0.175, a negative-sized memcpy is attempted in elf_cv
 CVE-2019-7663 (An Invalid Address dereference was discovered in TIFFWriteDirectoryTag ...)
 	{DLA-1680-1}
 	- tiff 4.0.10-4
-	[stretch] - tiff <postponed> (Minor issue)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2833
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
@@ -88106,7 +88104,6 @@ CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function
 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...)
 	{DLA-1680-1}
 	- tiff 4.0.10-4 (bug #913675)
-	[stretch] - tiff <postponed> (Minor issue, revisit when fixed upstream)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2820
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/d0a842c5dbad2609aed43c701a12ed12461d3405
@@ -93646,7 +93643,6 @@ CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-b
 CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
 	{DLA-1557-1}
 	- tiff 4.0.9+git181026-1 (low; bug #909038)
-	[stretch] - tiff <postponed> (Minor issue)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
@@ -93890,7 +93886,6 @@ CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vu
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ( ...)
 	{DLA-1680-1}
 	- tiff 4.0.10-4 (bug #908778)
-	[stretch] - tiff <postponed> (Minor issue)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2811
 	NOTE: Relates to http://bugzilla.maptools.org/show_bug.cgi?id=2833
@@ -104479,7 +104474,6 @@ CVE-2018-12901 (A vulnerability in the conferencing component of Mitel ST 14.2,
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
 	{DLA-2009-1}
 	- tiff 4.0.10-4 (bug #902718)
-	[stretch] - tiff <postponed> (Minor issue, can be fixed along in future DSA)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/60
 	NOTE: https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e58c6a6d457c54a70da4c185ee2ab550ce223af

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e58c6a6d457c54a70da4c185ee2ab550ce223af
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200424/ba02a7ea/attachment.html>