[Secure-testing-commits] r36900 - data/CVE

Tue Sep 29 22:18:22 UTC 2015

Author: hertzog
Date: 2015-09-29 22:18:22 +0000 (Tue, 29 Sep 2015)
New Revision: 36900

Modified:
   data/CVE/list
Log:
Use an explicit <not-affected> for openjpeg on CVE-2015-6582

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-09-29 21:39:58 UTC (rev 36899)
+++ data/CVE/list	2015-09-29 22:18:22 UTC (rev 36900)
@@ -1871,13 +1871,13 @@
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2015-6581 (Double free vulnerability in the ...)
+	- openjpeg <not-affected> (Vulnerable code not present, function opj_j2k_copy_default_tcp_and_create_tcd)
 	- openjpeg2 <unfixed> (bug #800453)
 	NOTE: Openjpeg2 fix here (not in 2.1.0 and there's no new upstream release yet): https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0
 	- chromium-browser 45.0.2454.85-1
 	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-	NOTE: Versions 1.x of OpenJPEG do not have the vulnerable code (function opj_j2k_copy_default_tcp_and_create_tcd). The "openjpeg" source package is thus not listed.
 CVE-2015-6580 (Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, ...)
 	- chromium-browser 45.0.2454.85-1
 	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1


