Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: fa588a70 by Salvatore Bonaccorso at 2023-07-31T00:03:00+02:00 Reverse order of the CVEs for tiff Seems that the the CVEs were swappend while filling in the details. CVE-2023-38288 is associated with https://gitlab.com/libtiff/libtiff/-/issues/591 . CVE-2023-38289 is associated with https://gitlab.com/libtiff/libtiff/-/issues/592 . OTOH the RHBZ subject descriptions and contents are swapped added repsective notes on https://bugzilla.redhat.com/show_bug.cgi?id=2224971 and https://bugzilla.redhat.com/show_bug.cgi?id=2224974 . Fixes: 0bdc959b6a1e ("fill in details for tiff issues") - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -570,13 +570,13 @@ CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Window CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...) NOT-FOR-US: Vasion CVE-2023-38289 [libtiff: potential integer overflow in raw2tiff.c] - - tiff 4.5.1+git230720-1 - NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5 - NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591 -CVE-2023-38288 [libtiff: integer overflow in tiffcp.c] - tiff 4.5.1+git230720-1 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee +CVE-2023-38288 [libtiff: integer overflow in tiffcp.c] + - tiff 4.5.1+git230720-1 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591 CVE-2023-3870 REJECTED CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa588a70f24cb5fe4a07a24ed76ebbcd74806f66 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa588a70f24cb5fe4a07a24ed76ebbcd74806f66 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits