Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6c03648f by Salvatore Bonaccorso at 2017-12-30T10:29:52+01:00
Add CVE-2017-17973/tiff
Marked as no-dsa (but we might downgrate it even to unimportant) since
provokes afaics only a crash in commandline tools tiff2pdf.
Since tiff3 does not privide the tools, marked unimportant straight for
src:tiff3.
Note for reviewes: double-check.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -52,7 +52,11 @@ CVE-2017-17975 (Use-after-free in the usbtv_probe function
in ...)
CVE-2017-17974 (BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*,
HTTPserv ...)
TODO: check
CVE-2017-17973 (In LibTIFF 4.0.8, there is a heap-based use-after-free in the
...)
- TODO: check
+ - tiff <unfixed>
+ [stretch] - tiff <no-dsa> (Minor issue)
+ [jessie] - tiff <no-dsa> (Minor issue)
+ - tiff3 <removed> (unimportant)
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2769
CVE-2017-1000447
REJECTED
TODO: check
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c03648f52337be31af0f449150bc5c32df75e49
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c03648f52337be31af0f449150bc5c32df75e49
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
