Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: abcbb6d1 by Adrian Bunk at 2023-07-31T23:06:59+03:00 CVE-2023-30774/tiff also has the same fix as CVE-2022-3599/... - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4919,7 +4919,7 @@ CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's tif_dir.c [buster] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/479 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f (v4.5.1rc1) - NOTE: Introduced by the fix for CVE-2022-3599/CVE-2022-4645/CVE-2023-30086: + NOTE: Introduced by the fix for CVE-2022-3599/CVE-2022-4645/CVE-2023-30086/CVE-2023-30774: NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 (v4.5.0rc1) CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Marksoft @@ -11202,11 +11202,13 @@ CVE-2023-30775 (A vulnerability was found in the libtiff library. This security NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afd7086090dafd3949afd172822cbcec4ed17d56 (v4.5.0rc1) NOTE: Crash in CLI tool, no security impact CVE-2023-30774 (A vulnerability was found in the libtiff library. This flaw causes a h ...) - - tiff 4.5.0-2 - [bullseye] - tiff <no-dsa> (Minor issue) - [buster] - tiff <no-dsa> (Minor issue) + - tiff 4.4.0-5 + [bullseye] - tiff 4.2.0-1+deb11u3 + [buster] - tiff 4.1.0+git191117-2~deb10u5 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/463 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1) + NOTE: Same fix as for CVE-2022-3599, CVE-2022-4645 and CVE-2023-30086. + NOTE: The fix causes CVE-2023-2908. CVE-2023-2109 (Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoo ...) NOT-FOR-US: chatwoot CVE-2023-2108 (A vulnerability has been found in SourceCodester Judging Management Sy ...) 
@@ -13162,7 +13164,7 @@ CVE-2023-30086 (Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a NOTE: https://gitlab.com/libtiff/libtiff/-/issues/538 NOTE: Likely fixed by: https://gitlab.com/libtiff/libtiff/-/merge_requests/385 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1) - NOTE: Same fix as for CVE-2022-3599 and CVE-2023-30086. + NOTE: Same fix as for CVE-2022-3599, CVE-2023-30086 and CVE-2023-30774. NOTE: The fix causes CVE-2023-2908. CVE-2023-30085 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...) - ming <removed> @@ -38325,7 +38327,7 @@ CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp [buster] - tiff 4.1.0+git191117-2~deb10u5 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/277 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 - NOTE: Same fix as for CVE-2022-3599 and CVE-2023-30086. + NOTE: Same fix as for CVE-2022-3599, CVE-2023-30086 and CVE-2023-30774. NOTE: The fix causes CVE-2023-2908. CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.) - rdiffweb <itp> (bug #969974) 
@@ -55515,7 +55517,7 @@ CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in - tiff 4.4.0-5 (bug #1022555) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398 - NOTE: Same fix as for CVE-2022-4645 and CVE-2023-30086. + NOTE: Same fix as for CVE-2022-4645, CVE-2023-30086 and CVE-2023-30774. NOTE: The fix causes CVE-2023-2908. CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...) {DSA-5333-1 DLA-3278-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abcbb6d1bc237611167433d33b57387c0bab0c1e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abcbb6d1bc237611167433d33b57387c0bab0c1e You're receiving this email because of your account on salsa.debian.org.
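Review bot: In the CVE-2023-30774 hunk (@@ -11202) the unstable fixed version moves from 4.5.0-2 to 4.4.0-5, but the only commit NOTE kept in the entry is f00484b9519df933723deb38fff943dc291a793d, tagged (v4.5.0rc1), so the entry itself does not show why a 4.4.0 upload counts as fixed. The CVE-2022-3599 and CVE-2022-4645 entries that this one now claims the same fix as cite e813112545942107551433d61afd16ac094ff246 instead. Consider adding that commit as a NOTE here, or a pointer to the uploads that carried the backport, so the new bullseye and buster versions can be verified from the entry.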
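Review bot: In the CVE-2023-30086 hunk (@@ -13162) the updated line still lists CVE-2023-30086 itself ("Same fix as for CVE-2022-3599, CVE-2023-30086 and CVE-2023-30774."), a self-reference carried over from the removed line, while CVE-2022-4645 is missing from the list. Going by the matching notes under CVE-2022-3599 and CVE-2023-30774 in this same commit, the line should read "Same fix as for CVE-2022-3599, CVE-2022-4645 and CVE-2023-30774."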
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits