Author: carnil
Date: 2017-11-04 22:51:26 +0000 (Sat, 04 Nov 2017)
New Revision: 57329

Modified: data/CVE/list

Log:
Demote CVE-2017-16232 to unimportant

The issue is solely in the command line tool tiff2bw not in the library and being hardly an issue with security impact. One scenario would be if there are some services allowing users to convert images to greyscale and causing a DoS to this service. IMHO unimportant is still justified. If someone disagrees we can revert this commit and mark the issue as 'no-dsa'.

Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-04 22:46:46 UTC (rev 57328) +++ data/CVE/list 2017-11-04 22:51:26 UTC (rev 57329) @@ -742,7 +742,7 @@ NOT-FOR-US: Progress Software OpenEdge CVE-2017-16232 [memory-based DoS in tiff2bw] RESERVED - - tiff <unfixed> (low) + - tiff <unfixed> (unimportant) NOTE: http://seclists.org/oss-sec/2017/q4/168 CVE-2017-16231 [match() stack overflow] RESERVED
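Review bot: the changed line `- tiff <unfixed> (unimportant)` under CVE-2017-16232 has no accompanying NOTE that records why the severity was lowered; the reasoning (the flaw is in the tiff2bw command line tool, not in the library) exists only in the commit log. Consider adding a NOTE line under the entry, next to the existing oss-sec reference, stating that the issue is limited to tiff2bw, so that readers of data/CVE/list can see the justification without digging through revision history. Since the log itself names a case where a DoS matters (a service that converts user-supplied images to greyscale) and leaves 'no-dsa' open as an alternative, the same NOTE is a good place to mention that scenario.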