[Secure-testing-commits] r32907 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Mar 16 06:36:18 UTC 2015
Author: carnil
Date: 2015-03-16 06:36:16 +0000 (Mon, 16 Mar 2015)
New Revision: 32907
Modified:
data/CVE/list
Log:
Add fixed version for libpng1.6 (in experimental only)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-16 06:29:11 UTC (rev 32906)
+++ data/CVE/list 2015-03-16 06:36:16 UTC (rev 32907)
@@ -4260,7 +4260,7 @@
NOTE: https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f
CVE-2015-0973 (Buffer overflow in the png_read_IDAT_data function in pngrutil.c in ...)
- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
- [experimental] - libpng1.6 <unfixed> (bug #773823)
+ [experimental] - libpng1.6 1.6.16-1 (bug #773823)
- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
- icedove <not-affected> (squeeze used the system libpng, and later versions define their own limits)
- texlive-bin 2014.20140926.35254-6 (bug #775673)
@@ -5638,7 +5638,7 @@
- texlive-bin 2014.20140926.35254-4 (bug #773824)
[squeeze] - texlive-bin <not-affected> (has a copy of libpng 1.2)
[wheezy] - texlive-bin <not-affected> (uses system libpng)
- [experimental] - libpng1.6 <unfixed> (bug #773823)
+ [experimental] - libpng1.6 1.6.16-1 (bug #773823)
- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
- icedove <not-affected> (squeeze used the system libpng, and later versions define their own limits)
NOTE: http://sourceforge.net/p/png-mng/mailman/message/33173461/
More information about the Secure-testing-commits
mailing list