[Secure-testing-commits] r36843 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Sep 26 17:16:06 UTC 2015


Author: carnil
Date: 2015-09-26 17:16:06 +0000 (Sat, 26 Sep 2015)
New Revision: 36843

Modified:
   data/CVE/list
Log:
Three CVEs assigned for freetype issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-26 17:09:27 UTC (rev 36842)
+++ data/CVE/list	2015-09-26 17:16:06 UTC (rev 36843)
@@ -904,8 +904,6 @@
 	NOT-FOR-US: VMware
 CVE-2015-6931
 	RESERVED
-CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 ...)
-	TODO: check
 CVE-2015-XXXX [Use-after-free in openjpeg]
 	- openjpeg2 <unfixed>
 	- openjpeg <not-affected> (Vulnerable code not present; opj_j2k_write_mco function)
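
Review bot: Removing the CVE-2014-9745 stub here means the id now exists only where the second hunk renames the CVE-2014-XXXX placeholder, and that entry sits among CVE-2015-* entries (it is followed directly by CVE-2015-6855). If the list is meant to stay grouped by id, move the renamed block to this position instead of renaming it in place. The removed stub also carried the "FreeType before 2.5.3" description; check that the surviving entry still records the affected range, since its only version hint is the "(VER-2-5-3)" annotation on the commit NOTE.
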
@@ -1109,20 +1107,27 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/3
 	NOTE: http://sourceforge.net/p/aufs/mailman/message/34449209/
 	NOTE: For Linux kernel with aufs aufs3-mmap.patch or aufs4-mmap.patch mmap patch
-CVE-2014-XXXX [infinite loop in parse_encoding (t1load.c)]
+CVE-2014-9745 [infinite loop in parse_encoding (t1load.c)]
 	- freetype 2.6-1 (bug #798620)
 	NOTE: https://launchpad.net/bugs/1492124
 	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
 	NOTE: https://savannah.nongnu.org/bugs/?41590
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 (VER-2-5-3)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/11/4
-CVE-2014-XXXX [use of uninitialized data]
+	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
+CVE-2014-9746 [use of uninitialized data]
 	- freetype 2.6-1 (bug #798619)
 	NOTE: https://launchpad.net/bugs/1449225
 	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
 	NOTE: https://savannah.nongnu.org/bugs/?41309
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/11/4
+	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
+CVE-2014-9747 [t42parse.c vulnerability]
+	- freetype 2.6-1 (bug #798619)
+	NOTE: https://launchpad.net/bugs/1449225
+	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
+	NOTE: https://savannah.nongnu.org/bugs/?41309
+	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
+	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
 CVE-2015-6855 [commands which are illegal to sent to an ATAPI device should be rejected]
 	RESERVED
 	{DSA-3362-1 DSA-3361-1}
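
Review bot: The new CVE-2014-9747 block is a line-for-line copy of the CVE-2014-9746 references (same bug #798619, same Launchpad and Savannah bugs, same commit 8b281f83...), so nothing in the entry tells a reader how the two ids differ. Replace "[t42parse.c vulnerability]" with a description of the actual flaw, and add a NOTE to each entry saying which part of the shared commit it covers. Separately, dropping the "CVE Request:" prefix leaves the oss-security link unlabeled in all three entries; a short label saying the thread contains the assignment would keep its purpose clear.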



