[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs fixed in recent upload

Thorsten Alteholz (@alteholz) alteholz at debian.org
Mon Jun 28 00:02:49 BST 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0089dc55 by Thorsten Alteholz at 2021-06-28T00:31:56+02:00
CVEs fixed in recent upload

- - - - -
28d24d7a by Thorsten Alteholz at 2021-06-28T01:02:37+02:00
Reserve DLA-2694-1 for tiff

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38118,13 +38118,11 @@ CVE-2020-35525
 CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...)
 	{DSA-4869-1}
 	- tiff 4.1.0+git201212-1
-	[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
 CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...)
 	{DSA-4869-1}
 	- tiff 4.1.0+git201212-1
-	[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
 CVE-2020-35522 (In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A craf ...)
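
Review bot: with the two "[stretch] - tiff <no-dsa> (can be fixed along in next DLA)" lines removed, the CVE-2020-35524 and CVE-2020-35523 entries are left with only the {DSA-4869-1} cross-reference and no stretch line at all. Nothing in this hunk ties them to the stretch fix, so confirm that the DLA-2694-1 reference from data/DLA/list ends up on both entries. Otherwise a reader of data/CVE/list cannot tell that stretch moved from "no-dsa" to fixed rather than simply losing its annotation. The first commit message, "CVEs fixed in recent upload", would also be easier to follow if it named the package and upload version.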


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Jun 2021] DLA-2694-1 tiff - security update
+	{CVE-2020-35523 CVE-2020-35524}
+	[stretch] - tiff 4.0.8-2+deb9u6
 [28 Jun 2021] DLA-2693-1 xmlbeans - security update
 	{CVE-2021-23926}
 	[stretch] - xmlbeans 2.6.0+dfsg-1+deb9u1
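
Review bot: in the added "[stretch] - tiff 4.0.8-2+deb9u6" line, check the version string against the actual upload. Once the <no-dsa> lines are dropped from data/CVE/list, this entry is the only place in the diff that records the stretch fixed version. The CVE set {CVE-2020-35523 CVE-2020-35524} matches the two entries edited in data/CVE/list, so the two files are consistent with each other. The commit message says "Reserve", but the entry already carries the CVE list and fixed version, so it reads as a completed advisory entry rather than a bare reservation.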



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e51a46c98da5c15ecd22084349df4c2605cfb6bd...28d24d7ae92819927bb573437e65e89f87f81315
