[Secure-testing-commits] r38870 - data/CVE
Mike Gabriel
sunweaver at moszumanska.debian.org
Tue Jan 12 16:03:34 UTC 2016
Author: sunweaver
Date: 2016-01-12 16:03:34 +0000 (Tue, 12 Jan 2016)
New Revision: 38870
Modified:
data/CVE/list
Log:
gdcm (CVE-2015-8397): Only affects upstream versions 2.6.0 and 2.6.1. Tagging as not-affected for squeeze to jessie. Also referencing upstream commit that fixes the issue.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-12 15:33:38 UTC (rev 38869)
+++ data/CVE/list 2016-01-12 16:03:34 UTC (rev 38870)
@@ -4561,8 +4561,12 @@
CVE-2015-8397 [GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent]
RESERVED
- gdcm 2.6.2-1
+ [jessie] - gdcm <not-affected> (Vulerable code not present)
+ [wheezy] - gdcm <not-affected> (Vulerable code not present)
+ [squeeze] - gdcm <not-affected> (Vulerable code not present)
NOTE: http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
- TODO: check older versions
+ NOTE: From above document: Issue only affects upstream versions 2.6.0 and 2.6.1.
+ NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
CVE-2015-8396 [GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer]
RESERVED
- gdcm 2.6.2-1
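Review bot: The three added lines for [jessie], [wheezy] and [squeeze] all give the reason as "Vulerable code not present"; this should read "Vulnerable code not present", since the reason string is what anyone searching the list for not-affected justifications will match on. The new NOTE carrying the sourceforge.net commit URL is a bare link, while the log message calls it the upstream fix; saying so on the line itself (for example "NOTE: Fixed by: http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/") would keep that context in the list. The removed "TODO: check older versions" is replaced by a note that relies on the advisory's statement that only 2.6.0 and 2.6.1 are affected; if the source in those suites was also inspected, recording that in the NOTE would make the not-affected tags easier to audit later.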