Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6b05d881 by Salvatore Bonaccorso at 2018-05-05T09:01:01+02:00 Cleanup CVE-2016-5320 and CVE-2016-5875 Cleanup CVE-2016-5320 and CVE-2016-5875 as they were now properly rejected as reservation duplicates of the CVE-2016-5314 . All is covered already in CVE-2016-5314. - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/DSA/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -91917,17 +91917,8 @@ CVE-2016-6128 (The gdImageCropThreshold function in gd_crop.c in the GD Graphics CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery ...) - owncloud <removed> NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-010 -CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog compression format] +CVE-2016-5875 REJECTED - {DSA-3762-1 DLA-610-1 DLA-606-1} - - tiff 4.0.6-2 (bug #830700) - - tiff3 <removed> - NOTE: Upstream fix: https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2 - NOTE: Duplicate with CVE-2016-5320 and CVE-2016-5314, cf. - NOTE: https://marc.info/?l=oss-security&m=146726894625359&w=2 - NOTE: but is not yet REJECTED by MITRE. - NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-5875.tif - NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0205/ CVE-2016-5874 (Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers ...) NOT-FOR-US: Siemens CVE-2016-5872 (In all Qualcomm products with Android releases from CAF using the ...) 
@@ -93781,12 +93772,8 @@ CVE-2016-5321 (The DumpModeDecode function in libtiff 4.0.6 and earlier allows . NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558 NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657 -CVE-2016-5320 [rgb2ycbcr: command excution] +CVE-2016-5320 REJECTED - {DSA-3762-1 DLA-610-1 DLA-606-1} - - tiff 4.0.6-2 (bug #830700) - - tiff3 <removed> - NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1 CVE-2016-5317 (Buffer overflow in the PixarLogDecode function in libtiff.so in the ...) {DSA-3762-1 DLA-610-1 DLA-606-1} - tiff 4.0.6-2 (bug #830700) ===================================== data/DLA/list ===================================== --- a/data/DLA/list +++ b/data/DLA/list @@ -2308,7 +2308,7 @@ {CVE-2016-5725} [wheezy] - jsch 0.1.42-2+deb7u1 [04 Sep 2016] DLA-610-1 tiff3 - security update - {CVE-2016-6223 CVE-2010-2596 CVE-2013-1961 CVE-2014-8128 CVE-2014-8129 CVE-2014-9655 CVE-2015-1547 CVE-2015-8665 CVE-2015-8683 CVE-2016-3186 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5875} + {CVE-2016-6223 CVE-2010-2596 CVE-2013-1961 CVE-2014-8128 CVE-2014-8129 CVE-2014-9655 CVE-2015-1547 CVE-2015-8665 CVE-2015-8683 CVE-2016-3186 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323} [wheezy] - tiff3 3.9.6-11+deb7u1 [02 Sep 2016] DLA-609-1 linux - security update {CVE-2016-3857 CVE-2016-4470 CVE-2016-5696 CVE-2016-5829 CVE-2016-6136 CVE-2016-6480 CVE-2016-6828 CVE-2016-7118} 
@@ -2322,7 +2322,7 @@ {CVE-2016-1242} [wheezy] - tryton-server 2.2.4-1+deb7u3 [30 Aug 2016] DLA-606-1 tiff - security update - {CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5875} + {CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323} [wheezy] - tiff 4.0.2-6+deb7u6 [29 Aug 2016] DLA-605-1 eog - security update {CVE-2016-6855} ===================================== data/DSA/list ===================================== --- a/data/DSA/list +++ b/data/DSA/list 
@@ -1509,7 +1509,7 @@ {CVE-2016-7068} [jessie] - pdns-recursor 3.6.2-2+deb8u3 [13 Jan 2017] DSA-3762-1 tiff - security update - {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10271 CVE-2016-10272} + {CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5315 CVE-2016-5316 CVE-2016-5317 CVE-2016-5321 CVE-2016-5322 CVE-2016-5323 CVE-2016-5652 CVE-2016-6223 CVE-2016-9273 CVE-2016-9297 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9540 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-10271 CVE-2016-10272} [jessie] - tiff 4.0.3-12.3+deb8u2 [13 Jan 2017] DSA-3761-1 rabbitmq-server - security update {CVE-2016-9877} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b05d881f4aefbe868b86700758c01651e9c176f
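Review bot: in the CVE-2016-5875 hunk of data/CVE/list, the removed NOTE lines are the only visible record of the upstream fix commit 391e77fcd217e78b2c51342ac3ddb7100ecacdd2, the reproducer and the TALOS-2016-0205 report, and the CVE-2016-5314 entry that the commit message says covers everything lies outside the context shown. Confirm that the CVE-2016-5314 entry already carries these references and the `- tiff 4.0.6-2 (bug #830700)` and `- tiff3 <removed>` status lines, or move the NOTE lines there instead of deleting them.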
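Review bot: in the CVE-2016-5320 hunk of data/CVE/list, once the entry is reduced to `CVE-2016-5320 REJECTED`, nothing in the file says which ID supersedes it, so the mapping to CVE-2016-5314 survives only in the commit message. The removed entry also described a different symptom (rgb2ycbcr) than the PixarLog overflow in the CVE-2016-5875 entry and pointed at maptools bug 2554#c1, so check that this link appears under CVE-2016-5314 and consider a NOTE there naming both rejected IDs.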
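Review bot: the DLA-610-1, DLA-606-1 and DSA-3762-1 hunks in data/DLA/list and data/DSA/list rewrite the advisory records in place, so a lookup of CVE-2016-5320 or CVE-2016-5875 will no longer lead to the fixed versions 3.9.6-11+deb7u1, 4.0.2-6+deb7u6 and 4.0.3-12.3+deb8u2, and the commit message does not mention that the advisory lists change. The edit itself is consistent (only those two IDs are dropped, CVE-2016-5314 stays in all three lists, and the same three advisories appear in the `{DSA-3762-1 DLA-610-1 DLA-606-1}` line removed from the CVE entries); add a sentence to the commit message saying the advisory cross-references are updated to match the rejection.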