[Git][security-tracker-team/security-tracker][master] Fill in information for now re-assigned CVEs for tiff

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 28 12:54:35 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
843d566b by Salvatore Bonaccorso at 2023-08-28T13:53:10+02:00
Fill in information for now re-assigned CVEs for tiff

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4372,10 +4372,18 @@ CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Window
 	NOT-FOR-US: Vasion
 CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...)
 	NOT-FOR-US: Vasion
-CVE-2023-38289
-	REJECTED
-CVE-2023-38288
-	REJECTED
+CVE-2023-41175 [libtiff: potential integer overflow in raw2tiff.c]
+	{DLA-3513-1}
+	- tiff 4.5.1+git230720-1
+	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592
+	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235264
+CVE-2023-40745 [libtiff: integer overflow in tiffcp.c]
+	{DLA-3513-1}
+	- tiff 4.5.1+git230720-1
+	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
+	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235265
 CVE-2023-3870
 	REJECTED
 CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...)


=====================================
data/DLA/list
=====================================
@@ -100,7 +100,7 @@
 	{CVE-2023-33201}
 	[buster] - bouncycastle 1.60-1+deb10u1
 [31 Jul 2023] DLA-3513-1 tiff - security update
-	{CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966}
+	{CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-40745 CVE-2023-41175}
 	[buster] - tiff 4.1.0+git191117-2~deb10u8
 [31 Jul 2023] DLA-3512-1 linux-5.10 - security update
 	{CVE-2023-2156 CVE-2023-3390 CVE-2023-3610 CVE-2023-20593 CVE-2023-31248 CVE-2023-35001}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/843d566b0d5c0356fefc6176f1e21e1dd16da7f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/843d566b0d5c0356fefc6176f1e21e1dd16da7f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230828/b60d8344/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list