Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: ab46acb3 by Adrian Bunk at 2023-07-31T12:10:52+03:00 CVE-2023-2908/tiff does not affect buster - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4912,8 +4912,11 @@ CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's tif_dir.c - tiff 4.5.1~rc3-1 [bookworm] - tiff <no-dsa> (Minor issue) [bullseye] - tiff <no-dsa> (Minor issue) + [buster] - tiff <not-affected> (Vulnerable code introduced later) NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/479 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f (v4.5.1rc1) + NOTE: Introduced by the fix for CVE-2022-4645: + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 (v4.5.0rc1) CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Marksoft CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does not valid ...) @@ -38310,6 +38313,7 @@ CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp [buster] - tiff <postponed> (Minor issue, OOB read / DoS) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/277 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 + NOTE: The fix causes CVE-2023-2908. CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.) - rdiffweb <itp> (bug #969974) CVE-2022-4643 (A vulnerability was found in docconv up to 1.2.0. It has been declared ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab46acb38c63c1088a93ffb353f18746761f2689 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab46acb38c63c1088a93ffb353f18746761f2689 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits