[Secure-testing-commits] r44105 - in data: CVE DSA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Aug 23 04:32:10 UTC 2016 

Author: carnil
Date: 2016-08-23 04:32:05 +0000 (Tue, 23 Aug 2016)
New Revision: 44105

Modified:
   data/CVE/list
   data/DSA/list
Log:
libgd issue got a CVE assignment later on, add for DLA-3619-1

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-23 04:26:51 UTC (rev 44104)
+++ data/CVE/list	2016-08-23 04:32:05 UTC (rev 44105)
@@ -2417,15 +2417,15 @@
 	RESERVED
 CVE-2016-1000010
 	RESERVED
-CVE-2016-XXXX [Out-Of-Bounds Read in function read_image_tga of gd_tga.c]
+CVE-2016-6905 [Out-Of-Bounds Read in function read_image_tga of gd_tga.c]
 	- libgd2 2.2.2-29-g3c2b605-1
-	[jessie] - libgd2 2.1.0-5+deb8u4
 	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
-	NOTE: Workaround entry for DSA-3619-1 until/if CVE is assigned
 	NOTE: https://github.com/libgd/libgd/issues/248
 	NOTE: https://github.com/libgd/libgd/pull/251
 	NOTE: https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/12/4
+	NOTE: Fixed by: https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186
+	NOTE: followed by: https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03
+	NOTE: http://www.openwall.com/lists/oss-security/2016/07/12/4
 CVE-2016-6352 [Write out-of-bounds]
 	RESERVED
 	- gdk-pixbuf <unfixed> (bug #832496)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2016-08-23 04:26:51 UTC (rev 44104)
+++ data/DSA/list	2016-08-23 04:32:05 UTC (rev 44105)
@@ -92,7 +92,7 @@
 	{CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323}
 	[jessie] - pidgin 2.11.0-0+deb8u1
 [15 Jul 2016] DSA-3619-1 libgd2 - security update
-	{CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6214}
+	{CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6214 CVE-2016-6905}
 	[jessie] - libgd2 2.1.0-5+deb8u4
 [14 Jul 2016] DSA-3618-1 php5 - security update
 	{CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773}

More information about the Secure-testing-commits mailing list