[Secure-testing-commits] r38492 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 23 05:52:40 UTC 2015
Author: carnil
Date: 2015-12-23 05:52:40 +0000 (Wed, 23 Dec 2015)
New Revision: 38492
Modified:
data/CVE/list
Log:
Add references for commits for libpng (CVE-2015-8472)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-23 05:40:02 UTC (rev 38491)
+++ data/CVE/list 2015-12-23 05:52:40 UTC (rev 38492)
@@ -3342,6 +3342,9 @@
- libpng <unfixed> (bug #807112)
[squeeze] - libpng <not-affected> (CVE-2015-8472 was assigned after it was discovered that initial patch was incomplete. libpng as shipped in Squeeze is not affected by this CVE, since we've already applied complete patch to fix the original issue.)
NOTE: Fixed in 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65
+ NOTE: https://github.com/glennrp/libpng/commit/7e1ca9ceba4e64259863efdd98bab9b55bdc0b9c
+ NOTE: https://github.com/glennrp/libpng/commit/4488a96126bbefda51d07835411d8e847a88b2b7
+ NOTE: https://github.com/glennrp/libpng/commit/ad224c6907e8a274f2679eae4c2e3085fdc7e8c8
CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...)
{DSA-3399-1 DLA-343-1}
- libpng 1.2.54-1 (bug #805113)
More information about the Secure-testing-commits
mailing list