[Secure-testing-commits] r22827 - data/CVE

Michael Gilbert Tue, 02 Jul 2013 17:53:06 -0700

Author: mgilbert
Date: 2013-07-03 00:44:59 +0000 (Wed, 03 Jul 2013)
New Revision: 22827


Modified:
   data/CVE/list
Log:
remaining tiff3 issue is unimportant

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-07-03 00:32:25 UTC (rev 22826)
+++ data/CVE/list       2013-07-03 00:44:59 UTC (rev 22827)
@@ -6594,8 +6594,8 @@
        RESERVED
        {DSA-2698-1}
        - tiff 4.0.2-6+nmu1 (bug #706674)
-       - tiff3 3.9.7-1 (bug #712840)
-       NOTE: tiff command line tools not build in tiff3, only the library 
parts of CVE-2013-1961 affect tiff3
+       - tiff3 3.9.7-1 (unimportant; bug #712840)
+        NOTE: the changes that effect the library are just hardening, 
converting uses of sprintf to snprintf.  for wheezy those can be rolled into 
the next tiff3 update, but a separate dsa isn't needed
 CVE-2013-1960 [libtiff-tools: Heap-based buffer overflow in 
t2_process_jpeg_strip]
        RESERVED
        {DSA-2698-1}


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r22827 - data/CVE

Reply via email to