[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1056/tiff

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c3ac22f by Salvatore Bonaccorso at 2022-03-28T22:23:02+02:00
Add CVE-2022-1056/tiff

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1135,7 +1135,10 @@ CVE-2022-26420
 CVE-2022-26075
 	RESERVED
 CVE-2022-1056 (Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...)
-	TODO: check
+	- tiff <unfixed>
+	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/391
+	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/307
+	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
 CVE-2022-XXXX [Possible man-in-the-middle attack in TLS connection to servers]
 	- weechat 3.4.1-1
 	[stretch] - weechat <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c3ac22f459f7151de4cfa712dfd4dee5272ec4c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c3ac22f459f7151de4cfa712dfd4dee5272ec4c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220328/388d6518/attachment.htm>