[Secure-testing-commits] r31498 - data/CVE

Raphael Geissert geissert at moszumanska.debian.org
Sun Jan 18 12:23:51 UTC 2015


Author: geissert
Date: 2015-01-18 12:23:51 +0000 (Sun, 18 Jan 2015)
New Revision: 31498

Modified:
   data/CVE/list
Log:
start fixing the libpng confusion


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-18 11:59:32 UTC (rev 31497)
+++ data/CVE/list	2015-01-18 12:23:51 UTC (rev 31498)
@@ -807,7 +807,7 @@
 	[wheezy] - pigz <no-dsa> (Minor issue)
 	NOTE: https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f
 	NOTE: CVE request: http://www.openwall.com/lists/oss-security/2015/01/12/4
-CVE-2015-0973
+CVE-2015-0973 [libpng: png_read_IDAT_data/png_handle_IHDR overflow]
 	RESERVED
 	- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
 	[experimental] - libpng1.6 <unfixed> (bug #773823)
@@ -815,10 +815,11 @@
 	- icedove <unfixed>
 	[squeeze] - iceweasel <not-affected> (uses the system libpng)
 	[squeeze] - icedove <not-affected> (uses the system libpng)
-	- texlive-bin 2014.20140926.35254-4 (bug #773824)
+	- texlive-bin <unfixed>
 	[squeeze] - texlive-bin <not-affected> (has a copy of libpng 1.2)
 	[wheezy] - texlive-bin <not-affected> (uses system libpng)
 	NOTE: http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
+	NOTE: http://mid.gmane.org/Pine.LNX.4.64.1501101510150.31425@beijing.mitre.org
 CVE-2015-0922 (McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 ...)
 	NOT-FOR-US: McAfee ePolicy Orchestrator
 CVE-2015-0921 (XML external entity (XXE) vulnerability in the Server Task Log in ...)
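Review bot: The replacement line `- texlive-bin <unfixed>` under CVE-2015-0973 drops the bug reference along with the fixed version, so the open status for this CVE no longer points at any tracking bug. If bug #773824 and the upload 2014.20140926.35254-4 only address CVE-2014-9495 (where the next hunk moves them), reference a bug for CVE-2015-0973 here as well, or add a NOTE saying that none has been filed yet, so the unfixed entry can be followed up. The added NOTE also links through a mid.gmane.org Message-ID redirector; a direct list-archive URL, as used for the openwall.com reference earlier in the file, would not depend on that redirector staying available.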
@@ -2122,6 +2123,14 @@
 	[squeeze] - xbindkeys-config <no-dsa> (Minor issue)
 CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng ...)
 	- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
+	- texlive-bin 2014.20140926.35254-4 (bug #773824)
+	[squeeze] - texlive-bin <not-affected> (has a copy of libpng 1.2)
+	[wheezy] - texlive-bin <not-affected> (uses system libpng)
+	[experimental] - libpng1.6 <unfixed> (bug #773823)
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	[squeeze] - iceweasel <not-affected> (uses the system libpng)
+	[squeeze] - icedove <not-affected> (uses the system libpng)
 	NOTE: http://sourceforge.net/p/png-mng/mailman/message/33173461/
 CVE-2014-9465
 	RESERVED
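Review bot: The added line `[experimental] - libpng1.6 <unfixed> (bug #773823)` under CVE-2014-9495 duplicates the one that stays under CVE-2015-0973, so bug #773823 now serves as the tracking bug for two different overflows (png_combine_row here, png_read_IDAT_data/png_handle_IHDR there). Confirm that the bug report covers both issues; otherwise one of the two entries needs its own bug. The same applies to the iceweasel and icedove lines, which are copied as `<unfixed>` with no bug or NOTE: since the log says this only starts the cleanup, a short NOTE on which of the copied statuses were actually checked against CVE-2014-9495 would keep the next editor from treating them as verified.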



