[Secure-testing-commits] r40750 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Apr 4 09:16:58 UTC 2016
Author: carnil
Date: 2016-04-04 09:16:57 +0000 (Mon, 04 Apr 2016)
New Revision: 40750
Modified:
data/CVE/list
Log:
Mark CVE-2016-3616 as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-04 08:43:24 UTC (rev 40749)
+++ data/CVE/list 2016-04-04 09:16:57 UTC (rev 40750)
@@ -711,15 +711,16 @@
CVE-2016-3616 [null pointer dereference in cjpeg]
RESERVED
- libjpeg-turbo 1:1.4.2-1
+ [jessie] - libjpeg-turbo <no-dsa> (Minor issue)
NOTE: libjpeg-turbo: Fixed by: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
- libjpeg6b <unfixed> (unimportant)
NOTE: unimportant, since cjpeg not installed in binary package in any suite having src:libjpeg6b
- libjpeg8 <unfixed>
+ [wheezy] - libjpeg8 <no-dsa> (Minor issue)
NOTE: cjpeg in src:libjpeg8 vulnerable, but not installed in binary package since 8d1-2
- libjpeg9 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319661
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1318509
- TODO: check, probably then no-dsa for all affected suites
CVE-2016-3627 [stack exhaustion in libxml2 parsing xml files in recover mode]
RESERVED
- libxml2 <unfixed> (bug #819006)
More information about the Secure-testing-commits
mailing list