Author: carnil
Date: 2017-11-04 22:51:26 +0000 (Sat, 04 Nov 2017)
New Revision: 57329

Modified:
   data/CVE/list
Log:
Demote CVE-2017-16232 to unimportant

The issue is solely in the command line tool tiff2bw, not in the library,
and is hardly an issue with security impact. One scenario would be
if there are some services allowing users to convert images to greyscale,
causing a DoS to this service.

IMHO unimportant is still justified. If someone disagrees we can revert
this commit and mark the issue as 'no-dsa'.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-04 22:46:46 UTC (rev 57328)
+++ data/CVE/list       2017-11-04 22:51:26 UTC (rev 57329)
@@ -742,7 +742,7 @@
        NOT-FOR-US: Progress Software OpenEdge
 CVE-2017-16232 [memory-based DoS in tiff2bw]
        RESERVED
-       - tiff <unfixed> (low)
+       - tiff <unfixed> (unimportant)
        NOTE: http://seclists.org/oss-sec/2017/q4/168
 CVE-2017-16231 [match() stack overflow]
        RESERVED
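
Review bot: the reason for the downgrade is not recorded in the CVE-2017-16232 entry itself; after the change to `- tiff <unfixed> (unimportant)` the only NOTE is still the oss-sec link. Consider adding a NOTE line under the tiff line stating that the issue is in the tiff2bw command line tool and not in the library, so the justification is visible in data/CVE/list without consulting the commit log.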


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
