[Secure-testing-commits] r33984 - data/CVE

Thu, 30 Apr 2015 13:58:57 -0700 

Author: benh
Date: 2015-04-30 20:58:11 +0000 (Thu, 30 Apr 2015)
New Revision: 33984

Modified:
   data/CVE/list
Log:
Mark CVE-2014-812{8,9} as unfixed in tiff3

Although these issues were reported against the tools built from the
tiff source package, the underlying bugs are mostly in the library.
(At least, the fixes touch the library.)  So tiff3 is still affected.
-- This line, and those below, will be ignored--

M    data/CVE/list



Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-04-30 18:16:46 UTC (rev 33983)
+++ data/CVE/list       2015-04-30 20:58:11 UTC (rev 33984)
@@ -14057,14 +14057,15 @@
 CVE-2014-8129 [out-of-bound read and write]
        RESERVED
        - tiff 4.0.3-12.1 (bug #776185)
-       - tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF 
tools)
+       - tiff3 <unfixed>
        NOTE: Advisory: 
http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2487 (tiff2pdf)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2488 (tiff2pdf)
+       NOTE: The tiff3 source package doesn't build the TIFF tools, but most 
of these bugs are in the library
 CVE-2014-8128 [out-of-bounds write]
        RESERVED
        - tiff 4.0.3-12.3 (bug #776185)
-       - tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF 
tools)
+       - tiff3 <unfixed>
        NOTE: Advisory: 
http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2489 (thumbnail)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2490 (tiffdither)
@@ -14074,6 +14075,7 @@
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2495 (tiff2pdf)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and 
tiffcmp) [not fixed yet in CVS HEAD]
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither)
+       NOTE: The tiff3 source package doesn't build the TIFF tools, but most 
of these bugs are in the library
 CVE-2014-8127 [out-of-bound reads]
        RESERVED
        - tiff <unfixed> (unimportant; bug #776185)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to