Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e58c6a6 by Salvatore Bonaccorso at 2020-04-24T21:09:22+02:00
Remove several no-dsa tags from stretch's tiff entries

Fixes for those CVEs will be included in a planned update.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43113,7 +43113,6 @@ CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows 
mobile/error-not-supported-plat
 CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF 
through ...)
        {DSA-4608-1 DLA-1897-1}
        - tiff 4.0.10+git190814-1 (low; bug #934780)
-       [stretch] - tiff <no-dsa> (Minor issue)
        - tiff3 <removed>
        NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/90
        NOTE: 
https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
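Review bot: removing `[stretch] - tiff <no-dsa> (Minor issue)` under CVE-2019-14973 leaves stretch with no suite-specific line, so stretch is now judged against the unstable fixed version 4.0.10+git190814-1 and stays listed as open until a `[stretch] - tiff <fixed version>` line is added. That is consistent with the planned update named in the commit message, but the entry already carries {DSA-4608-1 DLA-1897-1}, so confirm that DSA-4608-1 did not already cover stretch for this CVE, and follow up with the versioned stretch line once the update is released.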
@@ -66094,7 +66093,6 @@ CVE-2019-7664 (In elfutils 0.175, a negative-sized 
memcpy is attempted in elf_cv
 CVE-2019-7663 (An Invalid Address dereference was discovered in 
TIFFWriteDirectoryTag ...)
        {DLA-1680-1}
        - tiff 4.0.10-4
-       [stretch] - tiff <postponed> (Minor issue)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2833
        NOTE: Fixed by: 
https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
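Review bot: the commit subject speaks of "no-dsa tags", but the line removed under CVE-2019-7663 is `[stretch] - tiff <postponed> (Minor issue)`, and the same holds for every later hunk in this diff; only the CVE-2019-14973 hunk removes a `<no-dsa>` line. Naming both tags in the subject, for example "Remove several no-dsa/postponed tags", would let a log search for either term find this change.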
@@ -88106,7 +88104,6 @@ CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer 
dereference at function
 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the 
TIFFWrite ...)
        {DLA-1680-1}
        - tiff 4.0.10-4 (bug #913675)
-       [stretch] - tiff <postponed> (Minor issue, revisit when fixed upstream)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2820
        NOTE: 
https://gitlab.com/libtiff/libtiff/commit/d0a842c5dbad2609aed43c701a12ed12461d3405
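Review bot: the reason on the removed line for CVE-2018-19210 was "revisit when fixed upstream", yet the trailing context only has a bare `NOTE:` with commit d0a842c5dbad2609aed43c701a12ed12461d3405 and does not say that this commit is the fix. If it is, label it `NOTE: Fixed by:` as the CVE-2019-7663 entry does, so the entry itself records that the condition for lifting the postponement has been met.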
@@ -93646,7 +93643,6 @@ CVE-2018-17101 (An issue was discovered in LibTIFF 
4.0.9. There are two out-of-b
 CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 
overflow in ...)
        {DLA-1557-1}
        - tiff 4.0.9+git181026-1 (low; bug #909038)
-       [stretch] - tiff <postponed> (Minor issue)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
        NOTE: 
https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
@@ -93890,7 +93886,6 @@ CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML 
Injection and Stored XSS vu
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at 
tif_unix.c ( ...)
        {DLA-1680-1}
        - tiff 4.0.10-4 (bug #908778)
-       [stretch] - tiff <postponed> (Minor issue)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2811
        NOTE: Relates to http://bugzilla.maptools.org/show_bug.cgi?id=2833
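Review bot: after this removal the CVE-2018-17000 entry tells whoever prepares the stretch update nothing about which patch to backport; its notes only link bug 2811 and say "Relates to" bug 2833. The CVE-2019-7663 entry in this same diff records bug 2833 as fixed by commit 802d3cbf3043be5dce5317e140ccb1c17a6a2d39, so if that commit also resolves this issue, add a `NOTE: Fixed by:` line saying so; otherwise note which upstream change does.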
@@ -104479,7 +104474,6 @@ CVE-2018-12901 (A vulnerability in the conferencing 
component of Mitel ST 14.2,
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf 
function in ...)
        {DLA-2009-1}
        - tiff 4.0.10-4 (bug #902718)
-       [stretch] - tiff <postponed> (Minor issue, can be fixed along in future 
DSA)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798
        NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/60
        NOTE: 
https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01
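Review bot: the line removed under CVE-2018-12900 gave its reason as "can be fixed along in future DSA", while the commit message only says the fixes "will be included in a planned update". Stating in the message which kind of update is meant (a DSA or a point release) would make clear which identifier is expected to be added to the `{DLA-2009-1}` cross-reference line when the stretch fix lands.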



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e58c6a6d457c54a70da4c185ee2ab550ce223af



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits