Author: aw-guest Date: 2013-09-02 20:47:11 +0000 (Mon, 02 Sep 2013) New Revision: 23520
Modified: data/CVE/list Log: CVE-2013-1961 - tiff3 not affected Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-09-02 14:42:20 UTC (rev 23519) +++ data/CVE/list 2013-09-02 20:47:11 UTC (rev 23520) @@ -9050,8 +9050,9 @@ CVE-2013-1961 (Stack-based buffer overflow in the t2p_write_pdf_page function in ...) {DSA-2698-1} - tiff 4.0.2-6+nmu1 (bug #706674) - - tiff3 3.9.7-1 (bug #712840) + - tiff3 <not-affected> (bug #712840) [wheezy] - tiff3 <no-dsa> (the changes that effect the library are just hardening, converting uses of sprintf to snprintf. those can be rolled into the next tiff3 update, but a separate dsa isn't needed) + NOTE: The tiff3 package does not include tiff2pdf, so the issue does not applyto tiff3. CVE-2013-1960 (Heap-based buffer overflow in the tp_process_jpeg_strip function in ...) {DSA-2698-1} - tiff 4.0.2-6+nmu1 (bug #706675) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits