[Git][security-tracker-team/security-tracker][master] Reserve DLA-3278-1 for tiff
Sylvain Beucler (@beuc)
beuc at debian.org
Fri Jan 20 21:58:21 GMT 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60bd0e20 by Sylvain Beucler at 2023-01-20T22:58:11+01:00
Reserve DLA-3278-1 for tiff
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -36579,20 +36579,17 @@ CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as proble
CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
- tiff 4.4.0~rc1-1
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw that c ...)
- tiff 4.4.0~rc1-1
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead to o ...)
- tiff 4.4.0~rc1-1
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
@@ -47148,7 +47145,6 @@ CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a comm
CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function of Tiff ...)
- tiff 4.4.0-4
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990
CVE-2022-34525
@@ -51118,21 +51114,18 @@ CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2.
CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
- tiff 4.4.0-3 (bug #1014494)
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
- tiff 4.4.0-3 (bug #1014494)
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
- tiff 4.4.0-3 (bug #1014494)
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
@@ -62073,14 +62066,12 @@ CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By defau
CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() ...)
- tiff 4.3.0-8 (bug #1011160)
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/400
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/323
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2
CVE-2022-1354 (A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFR ...)
- tiff 4.3.0-7
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798
CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/key/af ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Jan 2023] DLA-3278-1 tiff - security update
+ {CVE-2022-1354 CVE-2022-1355 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 CVE-2022-34526}
+ [buster] - tiff 4.1.0+git191117-2~deb10u5
[20 Jan 2023] DLA-3277-1 powerline-gitstatus - security update
{CVE-2022-42906}
[buster] - powerline-gitstatus 1.3.2-0+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -329,13 +329,6 @@ sox
--
thunderbird (Emilio)
--
-tiff (Sylvain Beucler)
- NOTE: 20221031: Programming language: C.
- NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/tiff.git
- NOTE: 20221209: Testsuite: https://lts-team.pages.debian.net/wiki/TestSuites/tiff.html
- NOTE: 20221226: Backporting patches. (Beuc)
- NOTE: 20230116: Triaging and backporting more patches. (Beuc)
---
tinymce
NOTE: 20221227: Programming language: PHP.
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60bd0e20c3e395e108541bea692881833a4efb75
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60bd0e20c3e395e108541bea692881833a4efb75
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230120/7662b2b0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list