[Secure-testing-commits] r47612 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Dec 31 07:17:54 UTC 2016
Author: carnil
Date: 2016-12-31 07:17:54 +0000 (Sat, 31 Dec 2016)
New Revision: 47612
Modified:
data/CVE/list
Log:
Update status for CVE-2016-10087/libpng
Add bugreference #849799 as reported to BTS.
Add upstream commits for libpng16 and libpng12 braches.
Mark issue as no-dsa for jessie.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-31 06:56:12 UTC (rev 47611)
+++ data/CVE/list 2016-12-31 07:17:54 UTC (rev 47612)
@@ -2241,10 +2241,13 @@
CVE-2017-3895
RESERVED
CVE-2016-10087 [NULL pointer dereference]
- - libpng1.6 <unfixed>
+ - libpng1.6 <unfixed> (bug #849799)
- libpng <removed>
+ [jessie] - libpng <no-dsa> (Minor issue)
NOTE: Fixed in 1.0.67, 1.2.57, 1.4.20, 1.5.28, 1.6.27
NOTE: https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba
+ NOTE: https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb (libpng16)
+ NOTE: https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ (libpng12)
CVE-2016-10075 [insecure use of git]
RESERVED
- tqdm <unfixed> (bug #849632)
More information about the Secure-testing-commits
mailing list