[Secure-testing-commits] r38482 - data/CVE
Thorsten Alteholz
alteholz at moszumanska.debian.org
Tue Dec 22 21:37:54 UTC 2015
Author: alteholz
Date: 2015-12-22 21:37:54 +0000 (Tue, 22 Dec 2015)
New Revision: 38482
Modified:
data/CVE/list
Log:
for libpng we already have the complete patch set in Squeeze
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-22 21:10:12 UTC (rev 38481)
+++ data/CVE/list 2015-12-22 21:37:54 UTC (rev 38482)
@@ -3328,6 +3328,7 @@
CVE-2015-8472 [Incomplete fix for CVE-2015-8126]
RESERVED
- libpng <unfixed> (bug #807112)
+ [squeeze] - libpng <not-affected> (CVE-2015-8472 was assigned after it was discovered that initial patch was incomplete. libpng as shipped in Squeeze is not affected by this CVE, since we've already applied complete patch to fix the original issue.)
NOTE: Fixed in 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65
CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...)
{DSA-3399-1 DLA-343-1}
More information about the Secure-testing-commits
mailing list