[Secure-testing-commits] r47077 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Wed Dec 14 23:33:52 UTC 2016
Author: apo
Date: 2016-12-14 23:33:52 +0000 (Wed, 14 Dec 2016)
New Revision: 47077
Modified:
data/CVE/list
Log:
CVE-2016-9583, jasper: Clarify that the vulnerability is not present in
Wheezy and Jessie and suggest to implement the check when more important issues
are found. Leave as <vulnerable> for Wheezy so that the issue continues to be
on the radar.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-14 23:33:15 UTC (rev 47076)
+++ data/CVE/list 2016-12-14 23:33:52 UTC (rev 47077)
@@ -7892,6 +7892,9 @@
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/103
NOTE: Fixed by https://github.com/mdadams/jasper/commit/99a50593254d1b53002719bbecfc946c84b23d27
+ NOTE: The issue exists due to an overflow check which is not present
+ NOTE: in Wheezy and Jessie. However it makes sense to implement this check.
+ NOTE: This can be done when more important issues are found [wheezy].
CVE-2016-9582
RESERVED
CVE-2016-9581 [infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1]
More information about the Secure-testing-commits
mailing list