[Git][security-tracker-team/security-tracker][master] Reserve DLA-3758-1 for tiff

Mon, 11 Mar 2024 04:19:59 -0700 


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7199e99c by Abhijith PA at 2024-03-11T16:48:11+05:30
Reserve DLA-3758-1 for tiff

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10267,7 +10267,6 @@ CVE-2023-52356 (A segment fault (SEGV) flaw was found 
in libtiff that could be t
        - tiff 4.5.1+git230720-4 (bug #1061524)
        [bookworm] - tiff <no-dsa> (Minor issue)
        [bullseye] - tiff <no-dsa> (Minor issue)
-       [buster] - tiff <postponed> (Minor issue, DoS)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/622
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/546
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
@@ -30802,7 +30801,6 @@ CVE-2023-3665 (A code injection vulnerability in 
Trellix ENS 10.7.0 April 2023 r
 CVE-2023-3576 (A memory leak flaw was found in Libtiff's tiffcrop utility. 
This issue ...)
        {DSA-5567-1}
        - tiff 4.5.1~rc3-1
-       [buster] - tiff <postponed> (Minor issue, memory leak in CLI tool)
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/475
        NOTE: Fixed by: 
https://gitlab.com/libtiff/libtiff/-/commit/1d5b1181c980090a6518f11e61a18b0e268bf31a
 (v4.5.1rc1)
 CVE-2023-3512 (Relative path traversal vulnerability in Setelsa Security's 
ConacWin C ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Mar 2024] DLA-3758-1 tiff - security update
+       {CVE-2023-3576 CVE-2023-52356}
+       [buster] - tiff 4.1.0+git191117-2~deb10u9
 [10 Mar 2024] DLA-3757-1 nss - security update
        {CVE-2023-5388 CVE-2024-0743}
        [buster] - nss 2:3.42.1-1+deb10u8


=====================================
data/dla-needed.txt
=====================================
@@ -250,10 +250,6 @@ suricata (Adrian Bunk)
 thunderbird (Emilio)
   NOTE: 20240306: Added by Front-Desk (opal)
 --
-tiff (Abhijith PA)
-  NOTE: 20231231: Added by Front-Desk (lamby)
-  NOTE: 20231231: CVE-2023-3576 already fixed in bullseye via DSA or point 
release(s). (lamby)
---
 tinymce
   NOTE: 20231123: Added by Front-Desk (ola)
   NOTE: 20231216: Someone with more XSS experience needed to assess the



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7199e99c42f32f3a2b5eafa4053b4b4d5109e711

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7199e99c42f32f3a2b5eafa4053b4b4d5109e711
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to