tiff3 triage

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@22826 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 14 insertions, 0 deletions

diff --git a/data/CVE/list.2006 b/data/CVE/list.2006
index f8bbf7f940..60d0c5d3a3 100644
--- a/data/CVE/list.2006
+++ b/data/CVE/list.2006
@@ -8480,24 +8480,31 @@ CVE-2006-3466
 CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) ...)
 	{DSA-1137-1}
 	- tiff 3.8.2-6
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-3486 (** DISPUTED ** ...)
 	- mysql-dfsg-5.0 5.0.22-4 (unimportant; bug #378102)
 	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
@@ -10347,6 +10354,7 @@ CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to c
 CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...)
 	{DSA-1091-1}
 	- tiff 3.8.2-3 (bug #369819; low)
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...)
 	NOT-FOR-US: Monster Top List
 CVE-2006-2642 (** UNVERIFIABLE ** ...)
@@ -11334,6 +11342,7 @@ CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not che
 CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...)
 	{DSA-1091-1}
 	- tiff 3.8.2-4 (bug #371064; bug #370355; medium)
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-2191 (** DISPUTED ** ...)
 	- mailman <unfixed> (unimportant)
 	NOTE: not exploitable
@@ -11485,6 +11494,7 @@ CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tp
 CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...)
 	{DSA-1078-1}
 	- tiff 3.8.1 (bug #366588; medium)
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...)
 	NOT-FOR-US: Artmedic
 CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...)
@@ -11694,16 +11704,19 @@ CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 a
 	[sarge] - tiff 3.7.2-3sarge1
 	[woody] - tiff 3.5.5-7woody1
 	- tiff 3.8.1
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for ...)
 	{DSA-1054-1}
 	[sarge] - tiff 3.7.2-3sarge1
 	[woody] - tiff 3.5.5-7woody1
 	- tiff 3.8.1
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...)
 	{DSA-1054-1}
 	[sarge] - tiff 3.7.2-3sarge1
 	[woody] - tiff 3.5.5-7woody1
 	- tiff 3.8.1
+	- tiff3 <not-affected> (fixed prior to initial upload)
 CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c ...)
 	NOT-FOR-US: Fenice
 CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module ...)
@@ -15488,6 +15501,7 @@ CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensit
 	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...)
 	- tiff 3.8.0-2 (bug #350715)
+	- tiff3 <not-affected> (fixed prior to initial upload)
 	[sarge] - tiff <not-affected> (Vulnerability was introduced later)
 	[woody] - tiff <not-affected> (Vulnerability was introduced later)
 CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...)