[Secure-testing-commits] r39003 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-01-18 19:06:22 +0000 (Mon, 18 Jan 2016)
New Revision: 39003

Modified:
   data/CVE/list
Log:
Add two new CVEs for openjpeg2

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-18 18:47:27 UTC (rev 39002)
+++ data/CVE/list	2016-01-18 19:06:22 UTC (rev 39003)
@@ -1,6 +1,12 @@
 CVE-2016-XXXX [Multiple minor security issues]
 	- imagemagick 8:6.8.9.9-7 (bug #811308)
 	TODO: check, needs possibly CVEs
+CVE-2016-1924 [opj_tgt_reset: AddressSanitizer: SEGV on unknown address]
+	- openjpeg2 <unfixed>
+	TODO: check
+CVE-2016-1923 [opj_j2k_update_image_data: AddressSanitizer: heap-buffer-overflow READ of size 4]
+	- openjpeg2 <unfixed>
+	TODO: check
 CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3]
 	NOT-FOR-US: KNOX 1.0 / Android 4.3
 CVE-2016-1919 [Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3]