Author: jmm
Date: 2017-05-15 17:03:53 +0000 (Mon, 15 May 2017)
New Revision: 51654

Modified:
   data/CVE/list
Log:
mark one tiff issue as fixed in jessie
 several CVE IDs have been issued for use of _TIFFGETField and this one
 was for thumbnail(1) in particular, so marking as fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-15 17:02:44 UTC (rev 51653)
+++ data/CVE/list       2017-05-15 17:03:53 UTC (rev 51654)
@@ -15,11 +15,11 @@
        NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
        NOTE: Fixed by: 
http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
 CVE-2017-8934 [single instance socket may be blocked by another user]
-       - pcmanfm 1.2.5-3 (bug #862571)
+       - pcmanfm 1.2.5-3 (low; bug #862571)
        [jessie] - pcmanfm <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
 CVE-2017-8933 [menu-cached socket may be blocked by another user]
-       - menu-cache 1.0.2-3 (bug #862570)
+       - menu-cache 1.0.2-3 (low; bug #862570)
        [jessie] - menu-cache <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce
 CVE-2017-8927
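Review bot: The urgency changes to the pcmanfm and menu-cache lines (CVE-2017-8934 and CVE-2017-8933, `(bug #862571)` becoming `(low; bug #862571)` and likewise for #862570) are not covered by the log message, which only mentions marking a tiff issue as fixed. Either commit these two lines separately or add a line to the log saying that both socket-blocking issues are being rated low, so the revision history explains why the urgency changed.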
@@ -38306,9 +38306,12 @@
        NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed 
although technically still present in the source package
 CVE-2016-5318 (Stack-based buffer overflow in the _TIFFVGetField function in 
libtiff ...)
        {DLA-693-1 DLA-692-1}
-       - tiff <unfixed> (bug #842043)
+       - tiff 4.0.6-3
+       [jessie] - tiff 4.0.3-12.3+deb8u2
        - tiff3 <removed>
-       NOTE: _TIFFVGetField isn't specific to thumbnail tool
+       NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as 
fixed although technically still present in the source package
+       NOTE: _TIFFVGetField isn't specific to thumbnail tool, there's 
http://bugzilla.maptools.org/show_bug.cgi?id=2580 to enhance that,
+       NOTE: but treating this bug (as related to thumbmail) as fixed.
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2561
        NOTE: This seems a duplicate of CVE-2015-7554 ( 
http://bugzilla.maptools.org/show_bug.cgi?id=2564 ). At the very least, a 
generic fix for CVE-2015-7554 would also fix this one as the illegal write is 
at the exact same location in the code.
        NOTE: Reproducer file here: 
http://bugzilla.maptools.org/attachment.cgi?id=671
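Review bot: The new `- tiff 4.0.6-3` line for CVE-2016-5318 drops the `(bug #842043)` reference that the removed `<unfixed>` line carried, so the entry loses its link to the Debian bug. Suggest keeping it as `- tiff 4.0.6-3 (bug #842043)`. Two smaller points on the added NOTE lines: "thumbmail" should read "thumbnail", and the NOTE ending in "to enhance that," runs its sentence into the next NOTE line, which reads more clearly as a single NOTE or two complete sentences. The log message says "fixed in jessie" while the hunk also changes the unstable entry from `<unfixed>` to 4.0.6-3, which is worth stating in the log as well.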


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
