[Git][security-tracker-team/security-tracker][master] Reserve DLA-4026-1 for tiff
Adrian Bunk (@bunk)
bunk at debian.org
Mon Jan 20 15:09:41 GMT 2025
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d165224b by Adrian Bunk at 2025-01-20T17:09:29+02:00
Reserve DLA-4026-1 for tiff
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -45191,7 +45191,6 @@ CVE-2024-7537 (oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
CVE-2024-7006 (A null pointer dereference flaw was found in Libtiff via `tif_dirinfo. ...)
- tiff 4.5.1+git230720-5 (bug #1078648)
[bookworm] - tiff 4.5.0-6+deb12u2
- [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/559
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/624
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e
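Review bot: The removed `[bullseye] - tiff <no-dsa> (Minor issue)` line under CVE-2024-7006 is not replaced by a bullseye fixed-version line, and the entry gets no `{DLA-4026-1}` cross-reference, unlike the `{DLA-3513-1}` and `{DLA-3758-1}` tags already present on other tiff entries in this patch. Within this commit the bullseye fix is recorded only by the data/DLA/list entry that names this CVE with tiff 4.2.0-1+deb11u6. If the cross-reference and suite line are not filled in by tooling afterwards, add them here by hand so the entry does not read as untriaged for bullseye.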
@@ -101871,7 +101870,6 @@ CVE-2023-52356 (A segment fault (SEGV) flaw was found in libtiff that could be t
{DLA-3758-1}
- tiff 4.5.1+git230720-4 (bug #1061524)
[bookworm] - tiff 4.5.0-6+deb12u2
- [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/622
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/546
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
@@ -134571,7 +134569,6 @@ CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can le
{DLA-3513-1}
- tiff 4.5.1~rc3-1 (bug #1040945)
[bookworm] - tiff 4.5.0-6+deb12u2
- [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/529
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 (v4.5.1rc1)
CVE-2023-3603 (A missing allocation check in sftp server processing read requests may ...)
@@ -137429,7 +137426,6 @@ CVE-2023-3317 (A use-after-free flaw was found in mt7921_check_offload_capabilit
CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a failure to op ...)
{DLA-3513-1}
- tiff 4.5.0-5
- [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/515
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/468
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536 (v4.5.1rc1)
@@ -137480,7 +137476,6 @@ CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's tif_dir.c
{DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff 4.5.0-6+deb12u2
- [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/479
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f (v4.5.1rc1)
NOTE: Introduced by the fix for CVE-2022-3599/CVE-2022-4645/CVE-2023-30086/CVE-2023-30774:
@@ -155824,7 +155819,6 @@ CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() wh
{DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff 4.5.0-6+deb12u2
- [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/530
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/473
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 (v4.5.1rc1)
@@ -155832,7 +155826,6 @@ CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a h
{DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff 4.5.0-6+deb12u2
- [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/472
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf (v4.5.1rc1)
CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occ ...)
@@ -160576,7 +160569,6 @@ CVE-2023-25433 (libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tool
{DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff 4.5.0-6+deb12u2
- [bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/520
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 (v4.5.1rc1)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44 (v4.5.1rc1)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Jan 2025] DLA-4026-1 tiff - security update
+ {CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-52356 CVE-2024-7006}
+ [bullseye] - tiff 4.2.0-1+deb11u6
[20 Jan 2025] DLA-4025-1 redis - security update
{CVE-2024-46981}
[bullseye] - redis 5:6.0.16-1+deb11u5
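Review bot: The commit subject says only "Reserve", but the entry added at the top of this hunk already pins the fixed version `tiff 4.2.0-1+deb11u6` and the same commit drops eight `<no-dsa>` triage lines from data/CVE/list. A sentence in the commit body saying that the bullseye `<no-dsa>` decisions are withdrawn would make the change easier to audit. The brace list itself checks out against the rest of the patch: its eight CVE ids correspond one-to-one to the eight data/CVE/list hunks.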
=====================================
data/dla-needed.txt
=====================================
@@ -266,11 +266,6 @@ tcpdf (Adrian Bunk)
NOTE: 20241205: Added by Front-Desk (santiago)
NOTE: 20241230: https://lists.debian.org/debian-lts/2024/12/msg00057.html (bunk)
--
-tiff (Adrian Bunk)
- NOTE: 20250117: Added by Front-Desk (rouca)
- NOTE: 20250117: Multiple CVEs have been piling up (rouca/front-desk)
- NOTE: 20250117: Follow bookworm PU or retriage (rouca/front-desk)
---
trafficserver (dleidert)
NOTE: 20241120: Added by Front-Desk (Beuc)
NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
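Review bot: The removed `tiff` block in this hunk carries the note "Follow bookworm PU or retriage", and nothing in the commit records which of the two was done. The data/CVE/list context lines show `[bookworm] - tiff 4.5.0-6+deb12u2` for seven of the eight CVEs, so a short line in the commit body saying whether the bullseye upload follows that bookworm update would close the loop. The separator handling is fine: the block is removed together with its trailing `--`, leaving a single `--` between tcpdf and trafficserver.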
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d165224b8491f67e26fbfd346acdc516ef25a3fa