Author: jmm Date: 2017-05-19 21:22:11 +0000 (Fri, 19 May 2017) New Revision: 51764
Modified: data/CVE/list data/dsa-needed.txt Log: tiff triage libetpan no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-19 21:10:16 UTC (rev 51763) +++ data/CVE/list 2017-05-19 21:22:11 UTC (rev 51764) @@ -591,7 +591,8 @@ CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and ...) NOT-FOR-US: Veritas NetBackup CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...) - - tiff <unfixed> (bug #862929) + - tiff <unfixed> (low; bug #862929) + [jessie] - tiff <no-dsa> (Minor issue) - tiff3 <removed> [wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535 @@ -688,6 +689,7 @@ RESERVED CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handling ...) - libetpan <unfixed> (bug #862151) + [jessie] - libetpan <no-dsa> (Minor issue) NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d NOTE: https://github.com/dinhviethoa/libetpan/issues/274 CVE-2017-8824 
@@ -12427,13 +12429,10 @@ CVE-2017-4955 RESERVED CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in ...) - - tiff <unfixed> (bug #850316) - [wheezy] - tiff 4.0.2-6+deb7u7 - - tiff3 <removed> - [wheezy] - tiff3 <not-affected> (Unreproducible, does not support BigTIFF files) - NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625 - NOTE: probably preemptively fixed in 4.0.2-6+deb7u7 wheezy upload, as test case doesn't trigger issue - NOTE: similar to CVE-2015-7554 and CVE-2016-5318 + NOTE: This is a duplicate of CVE-2015-7554, both were reported against tiffsplit + NOTE: While the _TIFFVGetField function is a generic function, CVE IDs seem to be + NOTE: assigned per tool using it, so CVE-2015-7554/CVE-2016-10095 refers to the + NOTE: tiffsplit tool CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function in ...) {DSA-3762-1} - tiff 4.0.7-4 @@ -58897,7 +58896,7 @@ NOTE: Upstream fix http://sourceforge.net/p/giflib/code/ci/179510be300bf11115e37528d79619b53c884a63 CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows ...) {DLA-693-1 DLA-692-1} - - tiff <unfixed> (bug #809066; bug #842043) + - tiff <unfixed> (bug #809066; bug #842043; bug #850316) - tiff3 <removed> NOTE: http://www.openwall.com/lists/oss-security/2015/12/26/7 NOTE: SUSE seem to have a fix (disputed): https://bugzilla.novell.com/show_bug.cgi?id=960341 Modified: data/dsa-needed.txt =================================================================== --- data/dsa-needed.txt 2017-05-19 21:10:16 UTC (rev 51763) +++ data/dsa-needed.txt 2017-05-19 21:22:11 UTC (rev 51764) 
@@ -33,6 +33,9 @@ qemu Maintainer asked to prepare updates -- +tiff + wait until more issues have piled up +-- wireshark (seb) 2017-05-13: asked balint@ if he wants to prepare an update now -- _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
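Review bot: In the CVE-2016-10371 hunk of data/CVE/list (@@ -591,7 +591,8 @@), the added line `[jessie] - tiff <no-dsa> (Minor issue)` does not say why the issue is minor, while the wheezy tiff3 line two lines further down carries its reason ("tiff tools are not built, can be fixed later"). Suggest putting the actual rationale in the parentheses or in a NOTE, so the `low` rating added on the line above can be re-checked later without redoing the triage.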
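Review bot: In the CVE-2017-8825 hunk of data/CVE/list (@@ -688,6 +689,7 @@), `[jessie] - libetpan <no-dsa> (Minor issue)` is added for a null dereference in MIME handling with no reason given, and the `- libetpan <unfixed> (bug #862151)` line gets no severity, unlike the tiff entry changed in the same commit. Suggest stating why the issue is minor and, if the same assessment applies, marking the unfixed line with a severity as well so the two entries are triaged consistently.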
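Review bot: In the CVE-2016-10095 hunk of data/CVE/list (@@ -12427,13 +12429,10 @@), the entry is left with NOTE lines only: the `- tiff <unfixed> (bug #850316)` line, the wheezy status `[wheezy] - tiff 4.0.2-6+deb7u7` and the upstream reference `NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625` are all removed, and the CVE-2015-7554 hunk (@@ -58897,7 +58896,7 @@) carries over only bug #850316. Suggest moving the maptools link and the note that the wheezy upload probably fixed this preemptively into the CVE-2015-7554 entry, which still reads `- tiff <unfixed>`, so that the reference and the wheezy information are not lost when the duplicate is collapsed.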
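Review bot: In the data/dsa-needed.txt hunk (@@ -33,6 +33,9 @@), the new tiff entry "wait until more issues have piled up" has no date, no owner and no indication of which issues are already pending, while the wireshark entry directly below records both an owner and a date (`wireshark (seb)`, `2017-05-13:`). Suggest adding the date and naming the CVEs currently deferred for jessie, for example CVE-2016-10371 from this same commit, so it is clear later what the update is waiting on.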