Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a20dade by Moritz Mühlenhoff at 2022-03-24T19:37:51+01:00
tiff DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8217,15 +8217,11 @@ CVE-2022-0563 (A flaw was found in the util-linux chfn
and chsh utilities when c
CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function
within ...)
{DLA-2932-1}
- tiff 4.3.0-4
- [bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function
within ...)
{DLA-2932-1}
- tiff 4.3.0-4
- [bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to
1.2.11. ...)
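Review bot: The `{DLA-2932-1}` lines under CVE-2022-0562 and CVE-2022-0561 are left unchanged, so once the `<no-dsa>` lines are dropped these entries carry no reference to DSA-5108-1 and no longer say anything about buster or bullseye on their own. Confirm the cross-reference is regenerated from data/DSA/list, or add DSA-5108-1 to the braces line in this commit. The same applies to the CVE-2022-22844 entry in the next hunk.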
@@ -14968,8 +14964,6 @@ CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28
for HOMER 7.x has the sa
CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in
tif_unix.c i ...)
{DLA-2932-1}
- tiff 4.3.0-3
- [bullseye] - tiff <no-dsa> (Minor issue)
- [buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[24 Mar 2022] DSA-5108-1 tiff - security update
+ {CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0907
CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844}
+ [buster] - tiff 4.1.0+git191117-2~deb10u4
+ [bullseye] - tiff 4.2.0-1+deb11u1
[24 Mar 2022] DSA-5107-1 php-twig - security update
{CVE-2022-23614}
[bullseye] - php-twig 2.14.3-1+deb11u1
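Review bot: The DSA-5108-1 entry names nine CVE ids, but the data/CVE/list hunks in this commit only touch three of them (CVE-2022-0561, CVE-2022-0562, CVE-2022-22844). Check that the entries for CVE-2022-0865, CVE-2022-0891, CVE-2022-0907, CVE-2022-0908, CVE-2022-0909 and CVE-2022-0924 have no leftover `[buster]` or `[bullseye]` `<no-dsa>` lines that would contradict the fixed versions given here, 4.1.0+git191117-2~deb10u4 and 4.2.0-1+deb11u1.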
=====================================
data/dsa-needed.txt
=====================================
@@ -37,8 +37,6 @@ rpki-client/stable
--
sox
--
-tiff (jmm)
---
trafficserver (jmm)
wait until status for CVE-2021-38161 is clarified (upstream patch got
reverted)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a20dade7f5d96da0291abd28ce1fd3e7f76fc38