[Git][security-tracker-team/security-tracker][master] Reverse order of the CVEs for tiff

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jul 30 23:04:15 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa588a70 by Salvatore Bonaccorso at 2023-07-31T00:03:00+02:00
Reverse order of the CVEs for tiff

Seems that the the CVEs were swappend while filling in the details.

CVE-2023-38288 is associated with
https://gitlab.com/libtiff/libtiff/-/issues/591 .

CVE-2023-38289 is associated with
https://gitlab.com/libtiff/libtiff/-/issues/592 .

OTOH the RHBZ subject descriptions and contents are swapped added
repsective notes on https://bugzilla.redhat.com/show_bug.cgi?id=2224971
and https://bugzilla.redhat.com/show_bug.cgi?id=2224974 .

Fixes: 0bdc959b6a1e ("fill in details for tiff issues")

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -570,13 +570,13 @@ CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Window
 CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...)
 	NOT-FOR-US: Vasion
 CVE-2023-38289 [libtiff: potential integer overflow in raw2tiff.c]
-	- tiff 4.5.1+git230720-1
-	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
-	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591
-CVE-2023-38288 [libtiff: integer overflow in tiffcp.c]
 	- tiff 4.5.1+git230720-1
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee
+CVE-2023-38288 [libtiff: integer overflow in tiffcp.c]
+	- tiff 4.5.1+git230720-1
+	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
+	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591
 CVE-2023-3870
 	REJECTED
 CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa588a70f24cb5fe4a07a24ed76ebbcd74806f66

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa588a70f24cb5fe4a07a24ed76ebbcd74806f66
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230730/632058e1/attachment.htm>

More information about the debian-security-tracker-commits mailing list