[Git][security-tracker-team/security-tracker][master] 3 commits: The PoC given is not reproducible in buster but this CVE is an

[Abhijith PA (@abhijith)]

Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
376c6d8e by Abhijith PA at 2024-03-11T10:41:16+05:30
The PoC given is not reproducible in buster but this CVE is an
general issue from an incomplete fix from 4.0.10.
But too invasive patch for a minor issue.

- - - - -
61509b66 by Abhijith PA at 2024-03-11T10:47:10+05:30
Backporting CVE-2023-6277 can introduce regression in libimager-perl

- - - - -
ae62c233 by Abhijith PA at 2024-03-11T10:51:24+05:30
Upstream fixed this issue by providing an update to doc.
tiff in buster have html docs and upstream in .rst. Not worth
converting docs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10250,7 +10250,7 @@ CVE-2023-52355 (An out-of-memory flaw was found in 
libtiff that could be trigger
        - tiff 4.5.1+git230720-4
        [bookworm] - tiff <no-dsa> (Minor issue)
        [bullseye] - tiff <no-dsa> (Minor issue)
-       [buster] - tiff <postponed> (Minor issue, DoS)
+       [buster] - tiff <ignored> (Minor issue, DoS)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/621
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/553
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/335947359ce2dd3862cd9f7c49f92eba065dfed4
@@ -21875,7 +21875,7 @@ CVE-2023-6277 (An out-of-memory flaw was found in 
libtiff. Passing a crafted tif
        - tiff 4.5.1+git230720-2 (bug #1056751)
        [bookworm] - tiff <no-dsa> (Minor issue; will cause compatibility issue 
with libimager-perl, cf #1057270)
        [bullseye] - tiff <no-dsa> (Minor issue; will cause compatibility issue 
with libimager-perl, cf #1057270)
-       [buster] - tiff <postponed> (Minor issue; OOM DoS)
+       [buster] - tiff <ignored> (Minor issue; OOM DoS)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/614
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/545
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/5320c9d89c054fa805d037d84c57da874470b01a
@@ -106015,7 +106015,7 @@ CVE-2022-40091 (Online Tours & Travels Management 
System v1.0 was discovered to
 CVE-2022-40090 (An issue was discovered in function TIFFReadDirectory libtiff 
before 4 ...)
        - tiff 4.5.0-2
        [bullseye] - tiff <no-dsa> (Minor issue)
-       [buster] - tiff <postponed> (Minor issue, DoS)
+       [buster] - tiff <ignored> (Minor issue, DoS)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/455
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/386
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/d093eb5d961e21ba51420bc22382c514683a4d91
 (v4.5.0rc1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f95d3ce82bb4c126f1895a4fc26d26e068cd8ccb...ae62c23362ed648db3ff8b56ca0d38aedf975d58

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f95d3ce82bb4c126f1895a4fc26d26e068cd8ccb...ae62c23362ed648db3ff8b56ca0d38aedf975d58
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits