[Secure-testing-commits] r36895 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Sep 29 16:04:13 UTC 2015
Author: hertzog
Date: 2015-09-29 16:04:13 +0000 (Tue, 29 Sep 2015)
New Revision: 36895
Modified:
data/CVE/list
Log:
Review CVE-2015-6581
No version of openjpeg are affected but all versions of openjpeg2 are
affected. Filed a bug for openjpeg2 and added link to upstream fix.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-29 16:03:50 UTC (rev 36894)
+++ data/CVE/list 2015-09-29 16:04:13 UTC (rev 36895)
@@ -1861,13 +1861,13 @@
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6581 (Double free vulnerability in the ...)
- - openjpeg2 <unfixed>
- - openjpeg <unfixed>
+ - openjpeg2 <unfixed> (bug #800453)
+ NOTE: Openjpeg2 fix here (not in 2.1.0 and there's no new upstream release yet): https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0
- chromium-browser 45.0.2454.85-1
[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- TODO: check
+ NOTE: Versions 1.x of OpenJPEG do not have the vulnerable code (function opj_j2k_copy_default_tcp_and_create_tcd). The "openjpeg" source package is thus not listed.
CVE-2015-6580 (Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, ...)
- chromium-browser 45.0.2454.85-1
[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
More information about the Secure-testing-commits
mailing list