[Secure-testing-commits] r46958 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Dec 10 21:10:13 UTC 2016
Author: sectracker
Date: 2016-12-10 21:10:13 +0000 (Sat, 10 Dec 2016)
New Revision: 46958
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-10 19:39:09 UTC (rev 46957)
+++ data/CVE/list 2016-12-10 21:10:13 UTC (rev 46958)
@@ -8193,6 +8193,7 @@
REJECTED
CVE-2016-9560 [stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)]
RESERVED
+ {DLA-739-1}
- jasper <removed>
NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
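Review bot: The "Fixed by:" NOTE under CVE-2016-9560 names the upstream commit but no upstream release, unlike other jasper entries in this file that append one, such as "(version-1.900.10)". With {DLA-739-1} now attached and the package line still reading "- jasper <removed>", adding the upstream version to that NOTE would make it easier to check the backport against the release that first carried the fix.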
@@ -10589,6 +10590,7 @@
NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
CVE-2016-8887 [NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)]
RESERVED
+ {DLA-739-1}
- jasper <removed>
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d (version-1.900.10)
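Review bot: The context line at the top of this hunk links a report titled "incomplete-fix-for-cve-2016-8887", so the commit named in the "Fixed by:" NOTE for CVE-2016-8887 is reported as not fully closing the NULL pointer dereference in jp2_colr_destroy. Before relying on the {DLA-739-1} tag here, confirm the advisory also carries the follow-up fix tracked in the entry just above, and tag that entry as well if it does.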
@@ -10616,11 +10618,13 @@
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
CVE-2016-8883 [assert in jpc_dec_tiledecode()]
RESERVED
+ {DLA-739-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/32
NOTE: https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
CVE-2016-8882 [segfault / null pointer access in jpc_pi_destroy]
RESERVED
+ {DLA-739-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/30
NOTE: https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee (version-1.900.8)
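Review bot: The commit NOTEs for CVE-2016-8883 and CVE-2016-8882 are bare URLs without the "Fixed by:" prefix used elsewhere in this file, and the CVE-2016-8883 one also lacks an upstream version while CVE-2016-8882 records "(version-1.900.8)". Now that both entries reference {DLA-739-1}, mark the commits as "Fixed by:" and add the missing version so a reader can tell the fix from a merely related commit.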
@@ -10771,16 +10775,19 @@
NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
RESERVED
+ {DLA-739-1}
- jasper <removed> (bug #841110)
NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
NOTE: https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309
CVE-2016-8692 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
RESERVED
+ {DLA-739-1}
- jasper <removed> (low; bug #841111)
NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
CVE-2016-8691 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
RESERVED
+ {DLA-739-1}
- jasper <removed> (bug #841111)
NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
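Review bot: Severity annotations are inconsistent between CVE-2016-8692 and CVE-2016-8691: the first reads "- jasper <removed> (low; bug #841111)" and the second "- jasper <removed> (bug #841111)", although both share the same bug number, the same report URL and the same "Fixed by:" commit. Either mark both "low" or drop it from CVE-2016-8692, or add a NOTE saying why the two divide-by-zero cases in jpc_dec_process_siz are rated differently.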
@@ -10910,6 +10917,7 @@
NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
RESERVED
+ {DLA-739-1}
- jasper <removed>
NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/93
NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/94
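Review bot: CVE-2016-8654 gets the {DLA-739-1} reference but its NOTEs list only the two upstream issues (#93 and #94) and no fixing commit, unlike the other jasper entries touched in this revision. Add a "Fixed by:" NOTE with the upstream commit so the heap-based overflow fix in the QMFB code can be traced from this entry.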