[Secure-testing-commits] r39278 - data/CVE

Ben Hutchings benh at moszumanska.debian.org
Fri Jan 29 03:52:06 UTC 2016


Author: benh
Date: 2016-01-29 03:52:06 +0000 (Fri, 29 Jan 2016)
New Revision: 39278

Modified:
   data/CVE/list
Log:
Revert "Remove <no-dsa> for CVE-2015-{5203,5221}; these are not minor issues"

jmm told me that double-frees are rarely exploitable when using the glibc
allocator, so I'll accept the previous classification.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-29 03:49:22 UTC (rev 39277)
+++ data/CVE/list	2016-01-29 03:52:06 UTC (rev 39278)
@@ -15205,6 +15205,9 @@
 CVE-2015-5221 [use-after-free in mif_process_cmpt]
 	RESERVED
 	- jasper <unfixed> (bug #796253)
+	[jessie] - jasper <no-dsa> (Minor issue)
+	[wheezy] - jasper <no-dsa> (Minor issue)
+	[squeeze] - jasper <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/20/4
 CVE-2015-5220 (The Web Console in Red Hat Enterprise Application Platform (EAP) ...)
 	NOT-FOR-US: JBoss EAP
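Review bot: The three added `<no-dsa> (Minor issue)` lines under CVE-2015-5221 are not covered by the reasoning in the log message. The entry is labelled a use-after-free in mif_process_cmpt, while the log justifies the revert only by double-frees being rarely exploitable with the glibc allocator. Either give a separate reason for the use-after-free, or add a NOTE line under this entry stating why it is considered minor, so the classification can be checked from the tracker data alone.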
@@ -15260,6 +15263,9 @@
 CVE-2015-5203 [double free triggered by jasper_image_stop_load function]
 	RESERVED
 	- jasper <unfixed> (bug #796107)
+	[squeeze] - jasper <no-dsa> (Minor issue)
+	[wheezy] - jasper <no-dsa> (Minor issue)
+	[jessie] - jasper <no-dsa> (Minor issue)
 	NOTE: Analysis/More information: https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c3
 CVE-2015-5202
 	RESERVED
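Review bot: The added `<no-dsa>` lines under CVE-2015-5203 carry only the generic reason "(Minor issue)", while the actual rationale (double-frees rarely exploitable with the glibc allocator) exists only in the commit log. Consider recording it in the parenthetical or in a NOTE line next to the existing analysis link. Also, the suites are listed here as squeeze, wheezy, jessie, whereas the CVE-2015-5221 hunk lists jessie, wheezy, squeeze; use one order for both entries.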



