[Secure-testing-commits] r38549 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Dec 27 10:27:56 UTC 2015
Author: carnil
Date: 2015-12-27 10:27:56 +0000 (Sun, 27 Dec 2015)
New Revision: 38549
Modified:
data/CVE/list
Log:
Update CVE-2015-836{6,7}/libraw, mark as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-27 09:27:51 UTC (rev 38548)
+++ data/CVE/list 2015-12-27 10:27:56 UTC (rev 38549)
@@ -3106,14 +3106,21 @@
CVE-2015-8367 [Memory objects are not intialized properly]
RESERVED
- libraw 0.17.1-1 (bug #806809)
+ [jessie] - libraw <no-dsa> (Minor issue)
+ [wheezy] - libraw <not-affected> (Vulnerable code not present)
[squeeze] - libraw <not-affected> (Vulerable code not present)
- NOTE: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
- TODO: check other copies containing libraw code
+ NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
+ NOTE: Introduced by: https://github.com/LibRaw/LibRaw/commit/7b1430c76a19c93f3cc755bb2ff9bda0ba9b4082 (0.15.0)
+ TODO: check other copies containing libraw code, double check introducing commit
CVE-2015-8366 [Index overflow in smal_decode_segment]
RESERVED
- libraw 0.17.1-1 (bug #806809)
- NOTE: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
- TODO: check other copies containing libraw code
+ [jessie] - libraw <no-dsa> (Minor issue)
+ [wheezy] - libraw <not-affected> (Vulnerable code not present)
+ [squeeze] - libraw <not-affected> (Vulnerable code not present)
+ NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
+ NOTE: Introduced by: https://github.com/LibRaw/LibRaw/commit/cfe3ab8da7276fb339de770a3d1b7bfb212620b7
+ TODO: check other copies containing libraw code, double check introducing commit
CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ...)
- ffmpeg 7:2.8.3-1 (bug #806519)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
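Review bot: The added `<not-affected> (Vulnerable code not present)` lines for [wheezy] under CVE-2015-8367 and for [wheezy] and [squeeze] under CVE-2015-8366 rest on the new "Introduced by" notes, while the TODO added to both entries still says "double check introducing commit". The status should either wait for that check or carry a NOTE saying it is provisional. The CVE-2015-8367 "Introduced by" note names a version, "(0.15.0)", but the CVE-2015-8366 one names none; adding the first affected version there would let a reader verify the not-affected claim against the versions in the older releases. A smaller point: the unchanged [squeeze] line under CVE-2015-8367 reads "Vulerable", which no longer matches the spelling in the added lines and could be corrected in the same revision.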