[Secure-testing-commits] r32696 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Mar 8 17:44:49 UTC 2015
Author: carnil
Date: 2015-03-08 17:44:49 +0000 (Sun, 08 Mar 2015)
New Revision: 32696
Modified:
data/CVE/list
Log:
Update status for CVE-2015-2158/pngcrush
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-08 15:14:20 UTC (rev 32695)
+++ data/CVE/list 2015-03-08 17:44:49 UTC (rev 32696)
@@ -284,10 +284,11 @@
NOTE: present since release_candidate_2013-10-28
NOTE: https://github.com/splitbrain/dokuwiki/issues/1056
NOTE: https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f
-CVE-2015-2158
+CVE-2015-2158 [pngcrush_measure_idat() off-by-one error]
RESERVED
- - pngcrush <unfixed> (bug #779801)
- NOTE: Fixed in 1.7.84 upstream, changelog does not mention it
+ - pngcrush <not-affected> (Vulnerable code not present)
+ NOTE: Introduced by http://sourceforge.net/p/pmt/code/ci/e1a36a9639e2db16494d90459c7c2b78677a20bf/ (1.7.83)
+ NOTE: Fixed by: http://sourceforge.net/p/pmt/code/ci/a1ce646d00a400fd9ec321ab5cb522f40b7bdfe6/ (1.7.84)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/28/6
CVE-2015-2157 [PuTTY fails to clear private key information from memory]
RESERVED
More information about the Secure-testing-commits
mailing list