Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits: 376c6d8e by Abhijith PA at 2024-03-11T10:41:16+05:30 The PoC given is not reproducible in buster but this CVE is an general issue from an incomplete fix from 4.0.10. But too invasive patch for a minor issue. - - - - - 61509b66 by Abhijith PA at 2024-03-11T10:47:10+05:30 Backporting CVE-2023-6277 can introduce regression in libimager-perl - - - - - ae62c233 by Abhijith PA at 2024-03-11T10:51:24+05:30 Upstream fixed this issue by providing an update to doc. tiff in buster have html docs and upstream in .rst. Not worth converting docs. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -10250,7 +10250,7 @@ CVE-2023-52355 (An out-of-memory flaw was found in libtiff that could be trigger - tiff 4.5.1+git230720-4 [bookworm] - tiff <no-dsa> (Minor issue) [bullseye] - tiff <no-dsa> (Minor issue) - [buster] - tiff <postponed> (Minor issue, DoS) + [buster] - tiff <ignored> (Minor issue, DoS) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/621 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/553 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/335947359ce2dd3862cd9f7c49f92eba065dfed4 @@ -21875,7 +21875,7 @@ CVE-2023-6277 (An out-of-memory flaw was found in libtiff. Passing a crafted tif - tiff 4.5.1+git230720-2 (bug #1056751) [bookworm] - tiff <no-dsa> (Minor issue; will cause compatibility issue with libimager-perl, cf #1057270) [bullseye] - tiff <no-dsa> (Minor issue; will cause compatibility issue with libimager-perl, cf #1057270) - [buster] - tiff <postponed> (Minor issue; OOM DoS) + [buster] - tiff <ignored> (Minor issue; OOM DoS) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/614 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/545 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/5320c9d89c054fa805d037d84c57da874470b01a @@ -106015,7 +106015,7 @@ CVE-2022-40091 (Online Tours & Travels Management System v1.0 was discovered to CVE-2022-40090 (An issue was discovered in function TIFFReadDirectory libtiff before 4 ...) - tiff 4.5.0-2 [bullseye] - tiff <no-dsa> (Minor issue) - [buster] - tiff <postponed> (Minor issue, DoS) + [buster] - tiff <ignored> (Minor issue, DoS) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/455 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/386 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d093eb5d961e21ba51420bc22382c514683a4d91 (v4.5.0rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f95d3ce82bb4c126f1895a4fc26d26e068cd8ccb...ae62c23362ed648db3ff8b56ca0d38aedf975d58 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f95d3ce82bb4c126f1895a4fc26d26e068cd8ccb...ae62c23362ed648db3ff8b56ca0d38aedf975d58 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits