[Secure-testing-commits] r43701 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Aug 1 18:17:53 UTC 2016
Author: carnil
Date: 2016-08-01 18:17:53 +0000 (Mon, 01 Aug 2016)
New Revision: 43701
Modified:
data/CVE/list
Log:
Add extensive note for CVE-2016-6265
Note: Even reproducer does not lead to a heap-use-after-free does not
meen that it is not-affected here and unconfirmed yet for jessie to be
not-affected.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-01 16:24:04 UTC (rev 43700)
+++ data/CVE/list 2016-08-01 18:17:53 UTC (rev 43701)
@@ -843,6 +843,11 @@
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
NOTE: Possibly introduced with: http://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1)
+ NOTE: Although the e767bd783d91ae88cd79da19e79afb2c36bcf32a introduced the solid xrefs,
+ NOTE: that part of the code went trough several iterations before it settled down, and
+ NOTE: thus the issue could possibly be presend already before. The code in 1.5-1 looks
+ NOTE: quite similar, although the reproducer does not lead to a heap-use-after-free in
+ NOTE: the 1.5-1 case.
CVE-2016-6264
RESERVED
{DLA-561-1}
More information about the Secure-testing-commits
mailing list