[Git][security-tracker-team/security-tracker][master] 3 commits: The PoC given is not reproducible in buster but this CVE is an
Abhijith PA (@abhijith)
abhijith at debian.org
Mon Mar 11 05:26:11 GMT 2024
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
376c6d8e by Abhijith PA at 2024-03-11T10:41:16+05:30
The PoC given is not reproducible in buster but this CVE is an
general issue from an incomplete fix from 4.0.10.
But too invasive patch for a minor issue.
- - - - -
61509b66 by Abhijith PA at 2024-03-11T10:47:10+05:30
Backporting CVE-2023-6277 can introduce regression in libimager-perl
- - - - -
ae62c233 by Abhijith PA at 2024-03-11T10:51:24+05:30
Upstream fixed this issue by providing an update to doc.
tiff in buster have html docs and upstream in .rst. Not worth
converting docs.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10250,7 +10250,7 @@ CVE-2023-52355 (An out-of-memory flaw was found in libtiff that could be trigger
- tiff 4.5.1+git230720-4
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <postponed> (Minor issue, DoS)
+ [buster] - tiff <ignored> (Minor issue, DoS)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/621
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/553
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/335947359ce2dd3862cd9f7c49f92eba065dfed4
@@ -21875,7 +21875,7 @@ CVE-2023-6277 (An out-of-memory flaw was found in libtiff. Passing a crafted tif
- tiff 4.5.1+git230720-2 (bug #1056751)
[bookworm] - tiff <no-dsa> (Minor issue; will cause compatibility issue with libimager-perl, cf #1057270)
[bullseye] - tiff <no-dsa> (Minor issue; will cause compatibility issue with libimager-perl, cf #1057270)
- [buster] - tiff <postponed> (Minor issue; OOM DoS)
+ [buster] - tiff <ignored> (Minor issue; OOM DoS)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/614
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/545
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/5320c9d89c054fa805d037d84c57da874470b01a
@@ -106015,7 +106015,7 @@ CVE-2022-40091 (Online Tours & Travels Management System v1.0 was discovered to
CVE-2022-40090 (An issue was discovered in function TIFFReadDirectory libtiff before 4 ...)
- tiff 4.5.0-2
[bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <postponed> (Minor issue, DoS)
+ [buster] - tiff <ignored> (Minor issue, DoS)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/455
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/386
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d093eb5d961e21ba51420bc22382c514683a4d91 (v4.5.0rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f95d3ce82bb4c126f1895a4fc26d26e068cd8ccb...ae62c23362ed648db3ff8b56ca0d38aedf975d58
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f95d3ce82bb4c126f1895a4fc26d26e068cd8ccb...ae62c23362ed648db3ff8b56ca0d38aedf975d58
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240311/c00a13df/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list