[Git][security-tracker-team/security-tracker][master] CVE-2020-18768/tiff: fix was shipped in DLA-2777-1 through CVE-2020-19144
Sylvain Beucler (@beuc)
beuc at debian.org
Thu Sep 28 19:24:18 BST 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a43b2d24 by Sylvain Beucler at 2023-09-28T20:23:31+02:00
CVE-2020-18768/tiff: fix was shipped in DLA-2777-1 through CVE-2020-19144
I'm not convinced we fixed CVE-2020-19144 actually,
but its reproducer is no-op for me on v4.0.10
and I don't see how to investigate further,
so I'll have to assume the patch fixed both.
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -231310,7 +231310,7 @@ CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a d
- tiff 4.0.10+git190814-1
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2852
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/159
- NOTE: Fixed around https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0)
+ NOTE: Fixed around https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0) (CVE-2020-18768)
CVE-2020-19143 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
{DSA-4997-1}
- tiff 4.1.0+git201212-1
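Review bot: The parenthetical "(CVE-2020-18768)" appended to the "Fixed around" NOTE under CVE-2020-19144 does not say how the two ids relate, so a reader cannot tell whether it means a duplicate, a shared fix commit, or a rename. A separate line such as "NOTE: Same upstream commit is taken as the fix for CVE-2020-18768" would be clearer. The doubt stated in the commit message (the CVE-2020-19144 reproducer is a no-op on v4.0.10, and the fix is assumed rather than verified) is also missing from the data file and deserves its own NOTE, since the tracker entry is what later triagers will read. The visible hunk only touches the CVE-2020-19144 entry, so check that the CVE-2020-18768 entry carries the matching cross-reference.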
=====================================
data/DLA/list
=====================================
@@ -2445,7 +2445,7 @@
{CVE-2019-19797 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2020-21675 CVE-2020-21676 CVE-2021-3561 CVE-2021-32280}
[stretch] - fig2dev 1:3.2.6a-2+deb9u4
[03 Oct 2021] DLA-2777-1 tiff - security update
- {CVE-2020-19131 CVE-2020-19144}
+ {CVE-2020-18768 CVE-2020-19131 CVE-2020-19144}
[stretch] - tiff 4.0.8-2+deb9u7
[02 Oct 2021] DLA-2776-1 apache2 - security update
{CVE-2021-34798 CVE-2021-39275 CVE-2021-40438}
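Review bot: Adding CVE-2020-18768 to the DLA-2777-1 id list marks it as fixed in "[stretch] - tiff 4.0.8-2+deb9u7", but the commit message says this rests on an assumption that one patch fixed both issues. Before relying on this line, confirm that the deb9u7 source actually carries the backport of upstream commit 1fb9e731ef3e4ceb7af128ce298adb271088064f, and record that check as a NOTE on the CVE-2020-18768 entry in data/CVE/list so the retroactive attribution can be traced. The numeric ordering of the ids in the braces is kept, which is fine.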
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a43b2d24d9d99d6660c9eadac9d65f0697acd44d