Author: carnil Date: 2017-06-27 12:31:10 +0000 (Tue, 27 Jun 2017) New Revision: 52947
Modified: data/CVE/list Log: Add bug reporte for CVE-2017-9935/tiff, #866109 Remove Note about unreproducibility. Both 4.0.8-2 and as well testing against 2017-06-26 Even Rouault <even.rouault at spatialys.com> * libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 Reported by team OWL337 exercises the problem with all four provided reproducers. Oder versions have not been checked source-wise for the issue. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-27 11:29:19 UTC (rev 52946) +++ data/CVE/list 2017-06-27 12:31:10 UTC (rev 52947) @@ -102,10 +102,9 @@ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...) - - tiff <unfixed> + - tiff <unfixed> (bug #866109) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704 - NOTE: Could not reproduce with the latest CVS version CVE-2017-9934 RESERVED CVE-2017-9933 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits