Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b05d881 by Salvatore Bonaccorso at 2018-05-05T09:01:01+02:00
Cleanup CVE-2016-5320 and CVE-2016-5875

Cleanup CVE-2016-5320 and CVE-2016-5875 as they were now properly
rejected as reservation duplicates of the CVE-2016-5314. All is covered
already in CVE-2016-5314.

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -91917,17 +91917,8 @@ CVE-2016-6128 (The gdImageCropThreshold function in 
gd_crop.c in the GD Graphics
 CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the 
gallery ...)
        - owncloud <removed>
        NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-010
-CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog 
compression format]
+CVE-2016-5875
        REJECTED
-       {DSA-3762-1 DLA-610-1 DLA-606-1}
-       - tiff 4.0.6-2 (bug #830700)
-       - tiff3 <removed>
-       NOTE: Upstream fix: 
https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
-       NOTE: Duplicate with CVE-2016-5320 and CVE-2016-5314, cf.
-       NOTE: https://marc.info/?l=oss-security&m=146726894625359&w=2
-       NOTE: but is not yet REJECTED by MITRE.
-       NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-5875.tif
-       NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0205/
 CVE-2016-5874 (Siemens SIMATIC NET PC-Software before 13 SP2 allows remote 
attackers ...)
        NOT-FOR-US: Siemens
 CVE-2016-5872 (In all Qualcomm products with Android releases from CAF using 
the ...)
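Review bot: The removed NOTE lines under CVE-2016-5875 are the only place in this hunk that records the upstream fix commit (vadz/libtiff 391e77fc...), the reproducer and the TALOS-2016-0205 report, and the CVE-2016-5314 entry that is said to cover them is not part of this diff. Before merging, confirm that entry already carries the same references; if it does not, move them there in this commit rather than dropping them, so the PixarLog heap overflow keeps its fix and advisory trail under the surviving ID.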
@@ -93781,12 +93772,8 @@ CVE-2016-5321 (The DumpModeDecode function in libtiff 
4.0.6 and earlier allows .
        NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558
        NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
-CVE-2016-5320 [rgb2ycbcr: command excution]
+CVE-2016-5320
        REJECTED
-       {DSA-3762-1 DLA-610-1 DLA-606-1}
-       - tiff 4.0.6-2 (bug #830700)
-       - tiff3 <removed>
-       NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1
 CVE-2016-5317 (Buffer overflow in the PixarLogDecode function in libtiff.so in 
the ...)
        {DSA-3762-1 DLA-610-1 DLA-606-1}
        - tiff 4.0.6-2 (bug #830700)
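Review bot: After this hunk the CVE-2016-5320 entry consists of the ID and REJECTED only, so nothing in data/CVE/list says which ID supersedes it; that link now lives in the commit message alone. The removed NOTE pointing at maptools bug 2554#c1 (the rgb2ycbcr report) is also gone, so check that CVE-2016-5314 references bug 2554, and consider recording the duplicate relationship on the CVE-2016-5314 side so someone arriving with the old ID can still find the fixed versions.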


=====================================
data/DLA/list
=====================================
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -2308,7 +2308,7 @@
        {CVE-2016-5725}
        [wheezy] - jsch 0.1.42-2+deb7u1
 [04 Sep 2016] DLA-610-1 tiff3 - security update
-       {CVE-2016-6223 CVE-2010-2596 CVE-2013-1961 CVE-2014-8128 CVE-2014-8129 
CVE-2014-9655 CVE-2015-1547 CVE-2015-8665 CVE-2015-8683 CVE-2016-3186 
CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 
CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 
CVE-2016-5322 CVE-2016-5323 CVE-2016-5875}
+       {CVE-2016-6223 CVE-2010-2596 CVE-2013-1961 CVE-2014-8128 CVE-2014-8129 
CVE-2014-9655 CVE-2015-1547 CVE-2015-8665 CVE-2015-8683 CVE-2016-3186 
CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 
CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 
CVE-2016-5323}
        [wheezy] - tiff3 3.9.6-11+deb7u1
 [02 Sep 2016] DLA-609-1 linux - security update
        {CVE-2016-3857 CVE-2016-4470 CVE-2016-5696 CVE-2016-5829 CVE-2016-6136 
CVE-2016-6480 CVE-2016-6828 CVE-2016-7118}
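Review bot: The commit message describes a cleanup of two CVE entries but does not mention that the advisory cross-references are edited too; here the DLA-610-1 list loses CVE-2016-5320 and CVE-2016-5875. A short line in the message such as "also drop both IDs from DLA-606-1, DLA-610-1 and DSA-3762-1" would make the scope clear to anyone reading the log. The rest of the list is unchanged and CVE-2016-5314 stays, so tiff3 3.9.6-11+deb7u1 remains linked to the surviving ID.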
@@ -2322,7 +2322,7 @@
        {CVE-2016-1242}
        [wheezy] - tryton-server 2.2.4-1+deb7u3
 [30 Aug 2016] DLA-606-1 tiff - security update
-       {CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 
CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5875}
+       {CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 
CVE-2016-5321 CVE-2016-5322 CVE-2016-5323}
        [wheezy] - tiff 4.0.2-6+deb7u6
 [29 Aug 2016] DLA-605-1 eog - security update
        {CVE-2016-6855}


=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1509,7 +1509,7 @@
        {CVE-2016-7068}
        [jessie] - pdns-recursor 3.6.2-2+deb8u3
 [13 Jan 2017] DSA-3762-1 tiff - security update
-       {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 
CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 
CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 
CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 
CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 
CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 
CVE-2016-10271 CVE-2016-10272}
+       {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 
CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 
CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-6223 
CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 
CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 
CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10271 CVE-2016-10272}
        [jessie] - tiff 4.0.3-12.3+deb8u2
 [13 Jan 2017] DSA-3761-1 rabbitmq-server - security update
        {CVE-2016-9877}
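Review bot: The DSA-3762-1 list changes in two separate places (CVE-2016-5320 after CVE-2016-5317, and CVE-2016-5875 after CVE-2016-5652), but because the whole list is a single line the diff shows a full rewrite of 32 IDs into 30, which is easy to get wrong and hard to audit by eye. Comparing old and new ID by ID, only those two are gone and CVE-2016-5314 is retained; a word-level diff attached to the commit would let readers verify that without recounting.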



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b05d881f4aefbe868b86700758c01651e9c176f
