Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab46acb3 by Adrian Bunk at 2023-07-31T12:10:52+03:00
CVE-2023-2908/tiff does not affect buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4912,8 +4912,11 @@ CVE-2023-2908 (A null pointer dereference issue was 
found in Libtiff's tif_dir.c
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff <no-dsa> (Minor issue)
        [bullseye] - tiff <no-dsa> (Minor issue)
+       [buster] - tiff <not-affected> (Vulnerable code introduced later)
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/479
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f
 (v4.5.1rc1)
+       NOTE: Introduced by the fix for CVE-2022-4645:
+       NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
 (v4.5.0rc1)
 CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Marksoft
 CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does 
not valid ...)
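Review bot: On the added `[buster]` line, the reason "Vulnerable code introduced later" is only true while buster's tiff does not carry commit e813112545942107551433d61afd16ac094ff246, which the new NOTE lines name as the origin of the issue, and the parenthetical does not say so. Consider making that dependency explicit in the reason, for example "(Vulnerable code introduced by the CVE-2022-4645 fix, not applied)", so the status is revisited if that fix is ever applied to buster.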
@@ -38310,6 +38313,7 @@ CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read 
in tiffcp in tools/tiffcp
        [buster] - tiff <postponed> (Minor issue, OOB read / DoS)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/277
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
+       NOTE: The fix causes CVE-2023-2908.
 CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 
2.5.4.)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-4643 (A vulnerability was found in docconv up to 1.2.0. It has been 
declared ...)
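Review bot: The added NOTE at the end of the CVE-2022-4645 entry records the regression but not what a backporter should do about it, and the `[buster]` line just above it is `<postponed>`, so that fix may still be picked up for buster later. Suggest pointing at the follow-up explicitly, for example by referencing the commit listed under CVE-2023-2908 (9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f, v4.5.1rc1), so that anyone backporting e813112545942107551433d61afd16ac094ff246 takes both changes together.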



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab46acb38c63c1088a93ffb353f18746761f2689
