[Secure-testing-commits] r38927 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 14 22:25:55 UTC 2016
Author: carnil
Date: 2016-01-14 22:25:55 +0000 (Thu, 14 Jan 2016)
New Revision: 38927
Modified:
data/CVE/list
Log:
Mark giflib as no-dsa for jessie and wheezy
Note for reviewers: Reasoning for the giflib no-dsa (but might be
disputed, correct me if you think otherwise): The issue is only in the
giffix utility. giffix is though used in fuzzyocr (low popcon).
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-14 22:09:55 UTC (rev 38926)
+++ data/CVE/list 2016-01-14 22:25:55 UTC (rev 38927)
@@ -7832,6 +7832,8 @@
CVE-2015-7555 [Heap-based buffer overflow in giffix utility]
RESERVED
- giflib <unfixed> (bug #808704)
+ [jessie] - giflib <no-dsa> (Minor issue; only in giffix utility)
+ [wheezy] - giflib <no-dsa> (Minor issue; only in giffix utility)
CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows ...)
- tiff <unfixed> (bug #809066)
- tiff3 <removed>
More information about the Secure-testing-commits
mailing list