[Git][security-tracker-team/security-tracker][master] 2 commits: CVEs fixed in recent upload

Sun, 27 Jun 2021 16:02:56 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0089dc55 by Thorsten Alteholz at 2021-06-28T00:31:56+02:00
CVEs fixed in recent upload

- - - - -
28d24d7a by Thorsten Alteholz at 2021-06-28T01:02:37+02:00
Reserve DLA-2694-1 for tiff

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38118,13 +38118,11 @@ CVE-2020-35525
 CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the 
handling ...)
        {DSA-4869-1}
        - tiff 4.1.0+git201212-1
-       [stretch] - tiff <no-dsa> (can be fixed along in next DLA)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
 CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in 
the tif_g ...)
        {DSA-4869-1}
        - tiff 4.1.0+git201212-1
-       [stretch] - tiff <no-dsa> (can be fixed along in next DLA)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
 CVE-2020-35522 (In LibTIFF, there is a memory malloc failure in 
tif_pixarlog.c. A craf ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Jun 2021] DLA-2694-1 tiff - security update
+       {CVE-2020-35523 CVE-2020-35524}
+       [stretch] - tiff 4.0.8-2+deb9u6
 [28 Jun 2021] DLA-2693-1 xmlbeans - security update
        {CVE-2021-23926}
        [stretch] - xmlbeans 2.6.0+dfsg-1+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e51a46c98da5c15ecd22084349df4c2605cfb6bd...28d24d7ae92819927bb573437e65e89f87f81315

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e51a46c98da5c15ecd22084349df4c2605cfb6bd...28d24d7ae92819927bb573437e65e89f87f81315
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to