[Secure-testing-commits] r46425 - data/CVE

Tue, 22 Nov 2016 02:04:48 -0800 

Author: hertzog
Date: 2016-11-22 09:58:27 +0000 (Tue, 22 Nov 2016)
New Revision: 46425

Modified:
   data/CVE/list
Log:
Add more data on libtiff CVE

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-22 09:24:12 UTC (rev 46424)
+++ data/CVE/list       2016-11-22 09:58:27 UTC (rev 46425)
@@ -284,6 +284,12 @@
        NOTE: 
https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
        NOTE: For unstable this fix was included in the fix for TALOS-CAN-0187 
/ CVE-2016-5652
        NOTE: and included in patches/09-CVE-2016-5652.patch
+       NOTE: Problem not reproducible in wheezy with 4.0.2-6+deb7u7, in jessie 
with 4.0.3-12.3+deb8u1, in both cases I get this output (but no segfault or 
error with valgrind):
+       NOTE: TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; 
tags are not sorted in ascending order.
+       NOTE: TIFFReadDirectory: Warning, Unknown field with tag 1 (0x1) 
encountered.
+       NOTE: TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) 
encountered.
+       NOTE: TIFFReadDirectory: IO error during reading of "BitsPerSample".
+       NOTE: tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading.
 CVE-2016-9446 [gstreamer 0.10 VMNC code execution #2]
        RESERVED
        {DSA-3717-1 DLA-712-1}
@@ -729,13 +735,18 @@
        - tiff 4.0.7-1 (bug #844226)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
+       NOTE: Patch 
https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
+       NOTE: Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7
+       NOTE: Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1
        NOTE: When fixing this CVE make sure to make the fix complete and not
        NOTE: introduce CVE-2016-9448 / 
http://bugzilla.maptools.org/show_bug.cgi?id=2593
        NOTE: Fix in 4.0.7 is complete.
+       NOTE: Patch CVE-2016-9448: 
https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
 CVE-2016-9532 [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
        - tiff 4.0.7-1 (bug #844057)
        [jessie] - tiff <no-dsa> (Minor issue)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
+       NOTE: Patch: 
https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/11/14
 CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old 
versions ...)
        - p7zip 16.02+dfsg-2 (bug #844344)
@@ -769,7 +780,9 @@
        RESERVED
        - tiff 4.0.7-1 (bug #844013)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
-       NOTE: http://www.openwall.com/lists/oss-security/2016/11/09/20
+       NOTE: Patch: 
https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7
+       NOTE: Can be reproduced with valgrind in wheezy with libtiff 
4.0.2-6+deb7u7
+       NOTE: Can be reproduced with valgrind in jessie with libtiff 
4.0.3-12.3+deb8u1
 CVE-2016-9261
        RESERVED
 CVE-2016-9260


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to