Author: hertzog
Date: 2017-03-30 17:01:50 +0000 (Thu, 30 Mar 2017)
New Revision: 50204

Modified:
   data/CVE/list
Log:
More tiff3 CVE triage on wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-03-30 16:44:22 UTC (rev 50203)
+++ data/CVE/list       2017-03-30 17:01:50 UTC (rev 50204)
@@ -332,6 +332,7 @@
        {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-2
        - tiff3 <removed>
+       [wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this 
source package)
        NOTE: 
https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
        NOTE: 
https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
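Review bot: the reason on the added `[wheezy] - tiff3 <not-affected>` line says only that libtiff-tools is not shipped by this source package, without naming the affected tool. A later reader cannot confirm from the entry itself that the overflow is confined to the tools and not reachable through the library that tiff3 does ship. Suggest naming the tool or source file in the parenthesised reason, for example `(vulnerable code is in tools/<name>, libtiff-tools not shipped by this source package)`.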
@@ -339,6 +340,7 @@
        {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-2
        - tiff3 <removed>
+       [wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this 
source package)
        NOTE: 
https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
        NOTE: 
https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
@@ -7246,6 +7248,7 @@
        - tiff <unfixed> (bug #850316)
        [wheezy] - tiff 4.0.2-6+deb7u7
        - tiff3 <removed>
+       - tiff3 <not-affected> (Unreproducible, does not support BigTIFF files)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
        NOTE: probably preemptively fixed in 4.0.2-6+deb7u7 wheezy upload, as 
test case doesn't trigger issue
        NOTE: similar to CVE-2015-7554 and CVE-2016-5318
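Review bot: the added line `- tiff3 <not-affected> (...)` has no `[wheezy]` prefix, unlike the other three additions in this commit, and it sits directly below the unqualified `- tiff3 <removed>` line, so the entry now carries two conflicting unqualified statuses for tiff3. If the triage applies to wheezy only, as the log message says, write it as `[wheezy] - tiff3 <not-affected> (...)`. The reason also combines two separate claims (unreproducible, and no BigTIFF support); stating which one is the basis would make the entry easier to recheck.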
@@ -7267,6 +7270,7 @@
        {DSA-3762-1 DLA-795-1}
        - tiff 4.0.7-2
        - tiff3 <removed>
+       [wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this 
source package)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
 CVE-2016-10091 [stack-based buffer overflows in cmd_* functions]


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
