[Git][security-tracker-team/security-tracker][master] Add CVE-2022-4645/tiff

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 3 20:38:28 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52bfc79e by Salvatore Bonaccorso at 2023-03-03T21:37:27+01:00
Add CVE-2022-4645/tiff

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16029,7 +16029,9 @@ CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweb
 CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:94 ...)
-	TODO: check
+	- tiff 4.4.0-5
+	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/277
+	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
 CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-4643 (A vulnerability was found in docconv up to 1.2.0. It has been declared ...)
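Review bot: the two added NOTE lines under CVE-2022-4645 do not say what role each URL plays, so the entry alone does not show whether the referenced commit is the change that justifies `- tiff 4.4.0-5`. If that commit is the fix, consider marking it as such, for example by prefixing the commit NOTE with `Fixed by:`, and leaving the issue link as the reference to the upstream report.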


=====================================
data/DSA/list
=====================================
@@ -104,7 +104,7 @@
 	{CVE-2022-45060}
 	[bullseye] - varnish 6.5.1-1+deb11u3
 [29 Jan 2023] DSA-5333-1 tiff - security update
-	{CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3636 CVE-2022-3970 CVE-2022-34526 CVE-2022-48281}
+	{CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3636 CVE-2022-3970 CVE-2022-4645 CVE-2022-34526 CVE-2022-48281}
 	[bullseye] - tiff 4.2.0-1+deb11u3
 [29 Jan 2023] DSA-5332-1 git - security update
 	{CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 CVE-2022-41903}
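Review bot: the `+` line adds CVE-2022-4645 to DSA-5333-1 while the `[bullseye] - tiff 4.2.0-1+deb11u3` line below it is unchanged, so the change asserts that the 29 Jan 2023 upload already contained the fix, yet neither the commit message nor the visible lines record how that was established. A short NOTE on the CVE entry stating that the fix shipped with the DSA-5333-1 upload, and under which patch or CVE id it was applied there, would make the retroactive attribution verifiable.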



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52bfc79e0d4c7963c72964e1e46e1fe2eb835246
