Author: apo
Date: 2017-04-24 10:06:51 +0000 (Mon, 24 Apr 2017)
New Revision: 50987
Modified:
data/CVE/list
Log:
CVE-2017-7602,tiff3: Wheezy is not affected
Not reproducible and code is different
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-24 09:53:55 UTC (rev 50986)
+++ data/CVE/list 2017-04-24 10:06:51 UTC (rev 50987)
@@ -1361,6 +1361,7 @@
{DLA-911-1}
- tiff 4.0.7-6
- tiff3 <removed>
+ [wheezy] - tiff3 <not-affected> (vulnerable code not present)
NOTE:
https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
NOTE:
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit
type long" ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
