[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs fixed in recent upload
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Mon Jun 28 00:02:49 BST 2021
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0089dc55 by Thorsten Alteholz at 2021-06-28T00:31:56+02:00
CVEs fixed in recent upload
- - - - -
28d24d7a by Thorsten Alteholz at 2021-06-28T01:02:37+02:00
Reserve DLA-2694-1 for tiff
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38118,13 +38118,11 @@ CVE-2020-35525
CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...)
{DSA-4869-1}
- tiff 4.1.0+git201212-1
- [stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...)
{DSA-4869-1}
- tiff 4.1.0+git201212-1
- [stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
CVE-2020-35522 (In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A craf ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Jun 2021] DLA-2694-1 tiff - security update
+ {CVE-2020-35523 CVE-2020-35524}
+ [stretch] - tiff 4.0.8-2+deb9u6
[28 Jun 2021] DLA-2693-1 xmlbeans - security update
{CVE-2021-23926}
[stretch] - xmlbeans 2.6.0+dfsg-1+deb9u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e51a46c98da5c15ecd22084349df4c2605cfb6bd...28d24d7ae92819927bb573437e65e89f87f81315
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e51a46c98da5c15ecd22084349df4c2605cfb6bd...28d24d7ae92819927bb573437e65e89f87f81315
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210627/ec1a0c8a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list