[Secure-testing-commits] r48324 - data/CVE

Tue, 24 Jan 2017 01:10:53 -0800 

Author: sectracker
Date: 2017-01-24 09:10:12 +0000 (Tue, 24 Jan 2017)
New Revision: 48324

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-24 08:39:42 UTC (rev 48323)
+++ data/CVE/list       2017-01-24 09:10:12 UTC (rev 48324)
@@ -131,12 +131,14 @@
        NOTE: Fixed by: 
https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 
(v4.10-rc1)
 CVE-2016-10152 [Use of hard-coded DNS domain if configuration file cannot be 
read]
        RESERVED
+       {DLA-796-1}
        - hesiod <unfixed> (low; bug #852093)
        [jessie] - hesiod <no-dsa> (Minor issue)
        NOTE: https://github.com/achernya/hesiod/pull/10
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
 CVE-2016-10151 [Weak SUID check allowing privilege elevation]
        RESERVED
+       {DLA-796-1}
        - hesiod <unfixed> (low; bug #852094)
        [jessie] - hesiod <no-dsa> (Minor issue)
        NOTE: https://github.com/achernya/hesiod/pull/9
@@ -929,6 +931,7 @@
 CVE-2017-5227
        RESERVED
 CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow 
in the ...)
+       {DLA-795-1}
        - tiff 4.0.7-5 (bug #851297)
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2656
@@ -1736,13 +1739,13 @@
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
 CVE-2016-10093 [uint32 underflow/overflow that can cause heap-based buffer 
overflow in tiffcp]
        RESERVED
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-2
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
 CVE-2016-10092 [heap-buffer-overflow in tiffcrop]
        RESERVED
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-2
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
@@ -14204,7 +14207,7 @@
        NOTE: Fix in 4.0.7 is complete.
        NOTE: Patch CVE-2016-9448: 
https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
 CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on 
tiled ...)
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-1
        NOTE: 
https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
 CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in 
...)
@@ -14212,27 +14215,28 @@
        NOTE: 
https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
        NOTE: Crash in CLI tool, no security impact
 CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in 
...)
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-1
        NOTE: 
https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
 CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write ...)
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-1
        NOTE: 
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
 CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write ...)
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-1
        NOTE: 
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
 CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have 
assertions that ...)
+       {DLA-795-1}
        - tiff 4.0.7-1
        NOTE: 
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
        NOTE: 
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
 CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code 
path of ...)
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-1
        NOTE: 
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
 CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write 
vulnerabilities ...)
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-1
        NOTE: 
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
 CVE-2016-9532 [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
@@ -31981,7 +31985,7 @@
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2543
        NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-3991.tif
 CVE-2016-3990 (Heap-based buffer overflow in the horizontalDifference8 
function in ...)
-       {DSA-3762-1 DLA-610-1}
+       {DSA-3762-1 DLA-795-1 DLA-610-1}
        - tiff 4.0.7-1 (bug #836570)
        - tiff3 <removed> (unimportant)
        NOTE: src:tiff3: built binary packages do not contain the TIFF tools
@@ -32204,7 +32208,7 @@
 CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to 
discover SAP ...)
        TODO: check
 CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) 
cvt_by_tile ...)
-       {DSA-3762-1 DLA-610-1}
+       {DSA-3762-1 DLA-795-1 DLA-610-1}
        - tiff 4.0.7-1
        - tiff3 <removed> (unimportant)
        NOTE: src:tiff3: built binary packages do not contain the TIFF tools
@@ -33079,19 +33083,19 @@
        NOTE: CVE probably should/needs to be rejected, since upstream is as 
well unable to
        NOTE: reproduce the issue. Might have been a problem on reporter from 
id=2566
 CVE-2016-3624 (The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 
and ...)
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.6-3
        - tiff3 <not-affected> (tiff tools not built)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2568
        NOTE: Upstream marked this duplicate of bug 2569
 CVE-2016-3623 (The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote 
...)
-       {DSA-3762-1 DLA-610-1}
+       {DSA-3762-1 DLA-795-1 DLA-610-1}
        - tiff 4.0.6-3 (unimportant)
        - tiff3 <removed> (unimportant)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2569
        NOTE: No security impact, just triggers a crash in a CLI tool
 CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in 
LibTIFF ...)
-       {DSA-3762-1}
+       {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-1 (low; bug #820365)
        - tiff3 <not-affected> (tiff tools not built)
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/4


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to