Bug#872043: opencv: CVE-2016-1516 CVE-2016-1516
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 13 18:39:14 UTC 2017
Source: opencv
Version: 2.4.9.1+dfsg1-2
Severity: important
Tags: upstream security
Forwarded: https://github.com/opencv/opencv/issues/5956
Hi,
the following vulnerabilities were published for opencv.
CVE-2016-1516[0]:
| OpenCV 3.0.0 has a double free issue that allows attackers to execute
| arbitrary code.
CVE-2016-1516[1]:
| OpenCV 3.0.0 has a double free issue that allows attackers to execute
| arbitrary code.
Unfortunately the reporters are not helping out upstream to identify
the issues, and after several pings still no replies. Filing this
bug so we are able to track in Debian the status of those issues in
the BTS.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-1516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1516
[1] https://security-tracker.debian.org/tracker/CVE-2016-1516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1516
Please adjust the affected versions in the BTS as needed, no
versions were really testable. The report mentions 3.0.0 but might
affect any version.
Regards,
Salvatore