[Git][security-tracker-team/security-tracker][master] more older tiff non issues resolved

Mon Sep 22 09:55:42 BST 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06144a82 by Moritz Muehlenhoff at 2025-09-22T10:55:32+02:00
more older tiff non issues resolved

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -587424,8 +587424,6 @@ CVE-2017-17975 (Use-after-free in the usbtv_probe function in drivers/media/usb/
 CVE-2017-17974 (BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPser ...)
 	NOT-FOR-US: BA SYSTEMS BAS Web on BAS920 devices
 CVE-2017-17973 (In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writ ...)
-	- tiff <unfixed> (unimportant)
-	- tiff3 <removed> (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2769
 	NOTE: Details on the issue are not confirmed by the reporter after several attempts
 	NOTE: and this does like a non-issue. More reprodicibly reports are from SUSE in
@@ -623244,10 +623242,11 @@ CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl vi
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604
 	NOTE: Not treated as a security issue by upstream
 CVE-2017-9117 (In LibTIFF 4.0.6 and possibly other versions, the program processes BM ...)
-	- tiff <unfixed> (unimportant)
+	- tiff 4.0.7-1 (unimportant)
 	- tiff3 <not-affected> (Does not ship libtiff-tools)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
-	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
+	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2 from the Debian package
+	NOTE: Removed upstream in https://gitlab.com/libtiff/libtiff/-/commit/30366c9f226593f37623bfd235274aeac1e575ad (v4.0.7)
 CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...)
 	{DLA-2358-1 DLA-1083-1}
 	- openexr 2.2.0-11.1 (bug #864078)
@@ -634790,9 +634789,10 @@ CVE-2017-5565 (Code injection vulnerability in Trend Micro Maximum Security 11.0
 CVE-2017-5564
 	RESERVED
 CVE-2017-5563 (LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read i ...)
-	- tiff <unfixed> (unimportant)
+	- tiff 4.0.7-1 (unimportant)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2664
 	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
+	NOTE: Removed upstream in https://gitlab.com/libtiff/libtiff/-/commit/30366c9f226593f37623bfd235274aeac1e575ad (v4.0.7)
 CVE-2017-5562
 	RESERVED
 CVE-2017-5561



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06144a829a9e5d7b52ecddc3afefc049eaf8ad59

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06144a829a9e5d7b52ecddc3afefc049eaf8ad59
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250922/563e1bfa/attachment.htm>
