[Secure-testing-commits] r38079 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 3 18:04:07 UTC 2015
Author: carnil
Date: 2015-12-03 18:04:07 +0000 (Thu, 03 Dec 2015)
New Revision: 38079
Modified:
data/CVE/list
Log:
Add note for incomplete fix for libpng issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-03 17:57:44 UTC (rev 38078)
+++ data/CVE/list 2015-12-03 18:04:07 UTC (rev 38079)
@@ -765,6 +765,10 @@
- libpng 1.2.54-1 (bug #805113)
NOTE: http://www.openwall.com/lists/oss-security/2015/11/12/2
NOTE: Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
+ NOTE: The original patch was incomplete, cf.
+ NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/6
+ NOTE: and fixed in new upstream versions 1.6.20, 1.5.25,
+ NOTE: 1.4.18, 1.2.55, and 1.0.65
CVE-2015-8105 (Cross-site scripting (XSS) vulnerability in program/js/app.js in ...)
- roundcube 1.1.3+dfsg.1-1
[wheezy] - roundcube <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list