svn commit: r421447 - head/security/vuxml
Tijl Coosemans
tijl at FreeBSD.org
Tue Sep 6 17:08:32 UTC 2016
Author: tijl
Date: Tue Sep 6 17:08:31 2016
New Revision: 421447
URL: https://svnweb.freebsd.org/changeset/ports/421447
Log:
- Add linux-*-tiff information to existing tiff vulnerabilities.
- Like r419692, cancel a gif2tiff vulnerability that upstream marked
WONTFIX: http://bugzilla.maptools.org/show_bug.cgi?id=2536
PR: 211552
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Sep 6 17:07:55 2016 (r421446)
+++ head/security/vuxml/vuln.xml Tue Sep 6 17:08:31 2016 (r421447)
@@ -4221,6 +4221,14 @@ Notes:
<name>tiff</name>
<range><lt>4.0.6_2</lt></range>
</package>
+ <package>
+ <name>linux-c6-tiff</name>
+ <range><lt>3.9.4_2</lt></range>
+ </package>
+ <package>
+ <name>linux-f10-tiff</name>
+ <range><ge>*</ge></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -4233,40 +4241,19 @@ Notes:
</description>
<references>
<url>https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2</url>
+ <cvename>CVE-2016-5314</cvename>
+ <cvename>CVE-2016-5320</cvename>
<cvename>CVE-2016-5875</cvename>
</references>
<dates>
<discovery>2016-06-28</discovery>
<entry>2016-07-15</entry>
+ <modified>2016-09-06</modified>
</dates>
</vuln>
<vuln vid="42ecf370-4aa4-11e6-a7bd-14dae9d210b8">
- <topic>tiff -- denial of service</topic>
- <affects>
- <package>
- <name>tiff</name>
- <range><lt>4.0.6_2</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Aladdin Mubaied reports:</p>
- <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1319503">
- <p>Buffer-overflow in gif2tiff utility</p>
- </blockquote>
- </body>
- </description>
- <references>
- <url>https://bugzilla.redhat.com/show_bug.cgi?id=1319503</url>
- <url>https://bugzilla.redhat.com/show_bug.cgi?id=1319666</url>
- <url>http://www.openwall.com/lists/oss-security/2016/03/30/2</url>
- <cvename>CVE-2016-3186</cvename>
- </references>
- <dates>
- <discovery>2016-03-20</discovery>
- <entry>2016-07-15</entry>
- </dates>
+ <cancelled/>
</vuln>
<vuln vid="d706a3a3-4a7c-11e6-97f7-5453ed2e2b49">
@@ -14950,7 +14937,15 @@ Notes:
<affects>
<package>
<name>tiff</name>
- <range><le>4.0.6</le></range>
+ <range><lt>4.0.6_1</lt></range>
+ </package>
+ <package>
+ <name>linux-c6-tiff</name>
+ <range><lt>3.9.4_2</lt></range>
+ </package>
+ <package>
+ <name>linux-f10-tiff</name>
+ <range><ge>*</ge></range>
</package>
</affects>
<description>
@@ -14968,6 +14963,7 @@ Notes:
<dates>
<discovery>2015-12-25</discovery>
<entry>2016-01-05</entry>
+ <modified>2016-09-06</modified>
</dates>
</vuln>
@@ -14976,7 +14972,15 @@ Notes:
<affects>
<package>
<name>tiff</name>
- <range><le>4.0.6</le></range>
+ <range><lt>4.0.6_1</lt></range>
+ </package>
+ <package>
+ <name>linux-c6-tiff</name>
+ <range><lt>3.9.4_2</lt></range>
+ </package>
+ <package>
+ <name>linux-f10-tiff</name>
+ <range><ge>*</ge></range>
</package>
</affects>
<description>
@@ -14993,6 +14997,7 @@ Notes:
<dates>
<discovery>2015-12-24</discovery>
<entry>2016-01-05</entry>
+ <modified>2016-09-06</modified>
</dates>
</vuln>
More information about the svn-ports-all
mailing list