[Git][security-tracker-team/security-tracker][master] tiff DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 24 18:41:34 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a20dade by Moritz Mühlenhoff at 2022-03-24T19:37:51+01:00
tiff DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8217,15 +8217,11 @@ CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when c
 CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within  ...)
 	{DLA-2932-1}
 	- tiff 4.3.0-4
-	[bullseye] - tiff <no-dsa> (Minor issue)
-	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
 CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within  ...)
 	{DLA-2932-1}
 	- tiff 4.3.0-4
-	[bullseye] - tiff <no-dsa> (Minor issue)
-	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
 CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
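Review bot: Under CVE-2022-0562 and CVE-2022-0561 the cross-reference line still reads `{DLA-2932-1}` only, with no DSA-5108-1 next to it, although this commit adds that DSA for both CVEs in data/DSA/list. If that line is not regenerated by tooling after the push, add the DSA reference here so the CVE entries and the DSA entry agree. Dropping the `[bullseye]` and `[buster]` `<no-dsa>` lines is consistent with the fixed versions the DSA entry gives for those two releases.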
@@ -14968,8 +14964,6 @@ CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the sa
 CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...)
 	{DLA-2932-1}
 	- tiff 4.3.0-3
-	[bullseye] - tiff <no-dsa> (Minor issue)
-	[buster] - tiff <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[24 Mar 2022] DSA-5108-1 tiff - security update
+	{CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844}
+	[buster] - tiff 4.1.0+git191117-2~deb10u4
+	[bullseye] - tiff 4.2.0-1+deb11u1
 [24 Mar 2022] DSA-5107-1 php-twig - security update
 	{CVE-2022-23614}
 	[bullseye] - php-twig 2.14.3-1+deb11u1
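Review bot: The CVE set on the DSA-5108-1 line names nine CVEs, but the data/CVE/list hunks in this commit touch only three of them (CVE-2022-0561, CVE-2022-0562, CVE-2022-22844). Confirm that the entries for CVE-2022-0865, CVE-2022-0891, CVE-2022-0907, CVE-2022-0908, CVE-2022-0909 and CVE-2022-0924 carry no leftover `<no-dsa>` lines for buster or bullseye that would contradict this DSA. The commit message "tiff DSA" could also name DSA-5108-1 so the change is easier to find in the log.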


=====================================
data/dsa-needed.txt
=====================================
@@ -37,8 +37,6 @@ rpki-client/stable
 --
 sox
 --
-tiff (jmm)
---
 trafficserver (jmm)
   wait until status for CVE-2021-38161 is clarified (upstream patch got reverted)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a20dade7f5d96da0291abd28ce1fd3e7f76fc38
